This morning, during a full scan, Avast! detected a virus, threat level: high, and moved it to the chest. The file name was C:\Windows\system32\drivers\mbamswissarmy.sys. In addition to Avast! Internet Security, I have Malwarebytes Pro Anti-Malware. They usually play nice with each other, so I am curious about why Avast! might have perceived this file, which seems to be associated with MBAM Pro, as a threat. Also, MBAM has recently detected and removed threats that seemed, based on their file names, to be associated with Avast!. None of these removals seem to have affected the performance of either security program, so I will leave it in the chest until I figure out what’s going on. Can someone please explain this?
Hi SouternAnCap,
I found this info provided by a moderator on MalwareBytes forum “Please open Malwarebytes Anti-Malware and begin a scan (it can be a Quick scan or a Full scan, your choice) and while the scan is running, mbamswissarmy.sys should be present in C:\Windows\System32\drivers. MBAM simply removes the file when it isn’t using it and then replaces it again when it is using it for a scan”. The right system process data should be, as given here: http://www.backgroundtask.eu/Systeemtaken/taakinfo/60155/mbamswissarmy.sys/
Read about an earlier detection here: http://forum.avast.com/index.php?topic=51841.0
The thing to do here is to allow it to be sent to avast for analysis…
polonus
you may also do this…
The following instructions show you how to exclude Avast! 6 and Malwarebytes’ Anti-Malware from one another to prevent conflicts and improve performance:
http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=417798&#entry417798
Thank you!
Sounds like a typical false positive to me.