Avast is picking up a virus in:
Process 1784 [steam.exe], memory block 0x000000000400000, block size 1269160 (Steam.exe)
Threat: Win32:FakeAlert-AAB[Trj]
Program version: 6.0.1125
Virus definitions: 110530-0
I’m guessing this is another FP like the one’s we have seen before?
Do you have MBAM (Malwarebytes) on your machine? If so, update first and run a scan. If you do not have it:
Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
· Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
· Double Click mbam-setup.exe to install the application.
· After install, click update so you have latest database before scanning.
· Under Settings:
o General: Automatically Save File After Scan Completes is checked off
o Scanner Settings: Check all boxes
o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform Quick Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply.
If the virus is in your Avast Chest, you can also upload it to Avast.
Avast won’t allow me to place the “virus” in the chest.
MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.orgDatabase version: 6722
Windows 6.1.7600
Internet Explorer 9.0.8112.1642130/05/2011 10:49:29
mbam-log-2011-05-30 (10-49-29).txtScan type: Full scan (C:|D:|)
Objects scanned: 418765
Time elapsed: 25 minute(s), 9 second(s)Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
(No malicious items detected)Registry Keys Infected:
(No malicious items detected)Registry Values Infected:
(No malicious items detected)Registry Data Items Infected:
(No malicious items detected)Folders Infected:
(No malicious items detected)Files Infected:
(No malicious items detected)
Checked my backup computer which doesn’t have steam on it and isn’t attached to the same network, Avast says it’s clean.
I installed steam via the install from the official website as soon as it’s installed and I do a fresh scan Avast picks up a virus.
.......and I do a fresh scan Avast picks up a virus......
Process 1784 [steam.exe], memory block 0x000000000400000, block size 1269160 (Steam.exe)what type of scan is this....is it a custom scan where you have selected "Scan memory"
if you search the forum for “steam.exe” you will find more
here is one http://forum.avast.com/index.php?topic=49186.0
Yes it’s a custom scan of the memory
That setting often give some mysterious results, usually it is malware signaturs from other security programs installed that is detected
so why it detect this i do not know
If you run the normal quick/full scan with default settings, any detection then?
have you tested the steam.exe file at www.virustotal.com
Quick scan and Full Scan doesn’t detect anything and VirusTotal scan on the Steam.exe also doesn’t find anything.
That is because the memory scan incorporated into the Quick and Full scans doesn’t go into the same depth/sensitivity.
Personally I haven’t seen a reason to run a custom scan when the Quick and Full pre-defined scans should be adequate. But if doing a custom scan I wouldn’t select the memory scan.
I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on.