Win32:FakeAlert-GY [trj]

I’m running Avast 4.8 at the moment and I’ve had this pop up twice with the On-Access Scanner (sensitivity is on High, version 4.8-1368), both times I’ve moved to the chest, the infected filepath was “C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb”. I’ve not visited any insecure sites, and everything is up to date according to the secunia.com scanner. I’ve run Spybot S&D which picked up nothing (also have the Resident protection going, didn’t pick it up at the time), SUPERAntiSpyware which also picked up nothing, a full scan with Windows Defender which again picked up nothing, and I’ve run a thorough scan with avast which turned up nothing. Also, I’ve noticed that today my HDD indicator light isn’t working, I can’t recall whether this has been going on all day, or only since the infection notification, not sure whether this is relevant, but it seemed an odd coincidence.

I did a google search and found someone asking about the very same filepath, a reply said that the C:\Windows\SoftwareDistribution\ file is only used by automatic updater, which was going today, and that you should stop the auto update service, deleted the folder and then start it again, is that right?

you have not scanned with the best www.malwarebytes.org
and i would remove Spybot and upgrade my avast to V5

Malwarebytes hasn’t detected anything, and I’m installing Avast 5 now.

Installed Avast5 and again it picked up nothing.

Also, here is a current hijackthis log:

H Ragamuffin,

Your system seems clean of harmfull software. But we could not detect an active firewall.

Overview of running tasks: (Click on the task for more info)

NMIndexStoreSvr.exe Backgroundtask
Nero Home

TeaTimer.exe Application
Spybot S&D Realtime Scanner

PDVD9Serv.exe Backgroundtask
PowerDVD RC Service

jusched.exe Backgroundtask
Sun Java Update Scheduler

AvastUI.exe Virusscan
avast! Antivirus

firefox.exe Application
Mozilla Firefox

HijackThis.exe Application
Hijackthis

polonus

Well, that’s a relief then. As for the firewall, I’m using the Windows one, it says it’s working.

Hi Ragamuffin,

Then you’re good to go,

pol