On November 8th my system was infected with the WIN 32 KADRBOT (so-called by AVAST!). Besides AVAST, I’ve run several of Kaspersky’s fixes and Malwarebytes - which I think is the app that finally got it - in safe mode. Finally, it seems I have my computer back.

However, this morning I ran DeBank, an application that checks for banking trojans. This is the report I got:

W32/Zeus variant detectd in the process C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

Pieces of potentially malicious code were found in the memory. It is strongly advised that you run a proper AntiVirus scan on the machine. Below you can find some free online scanners.

I am wondering if this could be correct.

I’m using WindowsXP.

Thanks.

Argh memory scans, this is no different to avast making detections on other security software that has virus signatures loaded into memory.

Memory scans cause more confusion than comfort, nit to mention, detecting it in memory would be somewhat late as it is loaded.

Thanks for the information

As you know, the infection detected was a W32/Zeus variant.

So for this type of malicious Microsoft has Malicious Software Removal Tool updates

So please get this tool by doing windows update and be safe

I would suggest you please don’t use any other security softwares, because it would conflict with Avast.

Did you even read my post, obviously not, this is detecting virus signatures in memory (not real viruses) loaded into memory by avastSvc.exe and why memory scans return weird results.

Why else wouldn’t it find any associated files registry entries.

Guess he didn’t.

The virus was detected by AVAST. It is now gone - 90% sure. No more problems online, no more Firewall going crazy, no more AVAST jumping up with warnings about programs I’ve had on my system for years, and no more thousands of cookies.

I posted because I wanted to know if the DeBank report could have an validity.

Thanks to all who answered me. I appreciate it.

You’re welcome.