system
1
This popped up during a scheduled scan on an application server running Windows Server 2008 R2.
File “Process 1740 [cmdnetw.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus
File “Process 1628 [avastnet.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus
File “Process 752 [avastsvc.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus
and about 8-9 other processes are being flagged as infected.
We are using avast Business Protection Plus, definition version is 110925-0, program version is 6.0.1253.
I’m about 90% positive this is a false positive after searching Google. Can anyone confirm what I’m thinking?
Please update your virus definitions. Also, are you running a memory scan?
They appear to be false positives.
system
3
Virus definitions are up to date. I am running a memory scan and I know people here say not to, but I would much rather research a false positive than completely miss something.
They are false positives, so ignore them please.
system
5
Paul Rodgers - While you are 90% positive of a false positive, I am about 90% sure that virus compromised about 140 meg of “stuff” from my PC. I suggest you do some more investigation before you write it off as no threat. I am far from being an expert at this stuff, but I know what’s happened to my machine. I made another post in the thread about programs that stopped working, for what that might be worth.
Take CARE …