This popped up during a scheduled scan on an application server running Windows Server 2008 R2.

File “Process 1740 [cmdnetw.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus

File “Process 1628 [avastnet.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus

File “Process 752 [avastsvc.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)” is infected by “Win32:Cycbot-KI [Trj]” virus

and about 8-9 other processes are being flagged as infected.

We are using avast Business Protection Plus, definition version is 110925-0, program version is 6.0.1253.

I’m about 90% positive this is a false positive after searching Google. Can anyone confirm what I’m thinking?

Please update your virus definitions - also are you running a memory scan

They appear to be false positives

Virus definitions are up to date. I am running a memory scan and I know people here say not to, but I would much rather research a false positive than completely miss something.

They are false positives so ignore them please

Paul Rodgers - While you are 90% positive of false positive I am about 90% sure that virus compromised about 140meg of “stuff” from my PC. I suggest you do some more investigation before you write it off as no threat. I am far from being an expert at this stuff, but know what’s happened to my machine. I made another post in the thread about programs that stopped working for what that might be worth.

Take CARE …