Dear all,
I’d very much welcome any thoughts on the following issue:
When I scan my Eraser program folder, or Eraser.exe itself, the latest versions of both Avast and Malwarebytes find no threat.
However, when I run a memory scan, Avast warns me that Eraser.exe is infected by Win32:PrefPoly [Cryp]. (Please see attached screenshot below.)
If I exit Eraser, and run a memory scan the threat is gone. If I then launch Eraser again, Avast’s real-time shields allow the action, still not detecting any threat as the program is loaded into memory and run to erase files. Now, if I run a memory scan with Eraser still loaded in memory the threat is back.
If this threat is real, I’m puzzled as to why Avast’s real-time shield is not aware of the threat when the program is loading into memory. A quick scan of the PC using Avast’s standard settings (which does not include a memory scan) found no threat, even while Eraser was still loaded in the memory. Malwarebytes (which does include a memory scan) also found no threat when I ran a quick scan with standard settings.
My Eraser program was installed on 15 Feb 2008, from the official site. Numerous scans of memory and hard disk have revealed no problems until yesterday. I have experienced no other unusual problems (unexpected HD activity, slowdowns, pop-ups, etc) with my Vista (no service pack) PC whatsoever.
Any thoughts would be welcome as to whether this is likely to be a real threat or a false positive?
With thanks,
David
