Process "MsMpEng.exe", heap page: [0x0ad67000 - 0x0b043000]
Found signature for ZeuS 1.x
Process "MsMpEng.exe", heap page: [0x0b155000 - 0x0b38b000]
Found signature for ZeuS 1.x
Process "MsMpEng.exe", heap page: [0x0b3aa000 - 0x0b801000]
Found signature for ZeuS 1.x
Process "AAWService.exe", heap page: [0x0b3a5000 - 0x0b3bd000]
Found signature for ZeuS 1.x
Process "AAWService.exe", heap page: [0x11bc2000 - 0x11bed000]
Found signature for ZeuS 1.x
But that’s just the AV/AntiSpyware detections?
Don’t tell me I’m fuxed please! Although I never use banking stuff, but it’s a false positive, yeah?
The suggested scanner over SAS is MBAM, which I posted in my original thread: http://forum.avast.com/index.php?topic=64000.0 - Post #8 for directions. Update MBAM first; quarantine anything that comes up positive (do NOT delete). Please cut and paste your log here for us to analyze. Thank you.
NOTE: If you tend to visit risky sites, you may want to do a one-time lifetime purchase of MBAM Pro (resident) and it will not conflict with other security software for added protection; however, you still need to update it prior to running scans.
Since these are detections in Memory - My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can’t be scanned. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.
The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don’t be too surprised if it finds some in memory.
The detections aren’t on the file names shown, just that they are the process responsible for loading it into memory.
The other security applications you have installed are the cause, Windows Defender and AdAware loading unencrypted signatures into memory and being detected as I would expect from a scan looking for virus signatures. So it isn’t a false positive, but you aren’t infected.
You have several options: a) don’t select a memory scan in the custom scan, b) ignore those entries associated with the two programs, c) remove one or more of those programs or d) disable the resident element of both, as avast also has anti-spyware built in.
Personally I wouldn't give AdAware hard disk space, as it is a much depreciated application now; with WD installed you don't really need it, and there are better applications should you want to replace it: MBAM and SAS.
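The triage described in the reply above, as an added example (not part of the thread or of any tool mentioned in it): it parses scanner output in the format shown at the top of the thread and separates hits inside known security-product processes from hits anywhere else. The process-to-product map and the `notepad.exe` sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed allowlist, built from the two products named in the thread.
# A name match alone is weak evidence: confirm the image path and signer too.
SECURITY_PROCESSES = {"msmpeng.exe": "Windows Defender", "aawservice.exe": "Ad-Aware"}

HIT_RE = re.compile(r'Process "(?P<proc>[^"]+)", heap page: '
                    r'\[0x(?P<start>[0-9a-fA-F]+) - 0x(?P<end>[0-9a-fA-F]+)\]')
SIG_RE = re.compile(r"Found signature for (?P<family>.+)")

# First two hits copied from the thread; the notepad.exe hit is constructed.
SAMPLE = '''Process "MsMpEng.exe", heap page: [0x0ad67000 - 0x0b043000]
Found signature for ZeuS 1.x
Process "AAWService.exe", heap page: [0x0b3a5000 - 0x0b3bd000]
Found signature for ZeuS 1.x
Process "notepad.exe", heap page: [0x00150000 - 0x00160000]
Found signature for ZeuS 1.x'''

def parse_hits(text):
    """Pair each 'Process ... heap page' line with the signature line after it."""
    hits, pending = [], None
    for line in map(str.strip, text.splitlines()):
        m, s = HIT_RE.match(line), SIG_RE.match(line)
        if m:
            pending = (m["proc"], int(m["start"], 16), int(m["end"], 16))
        elif s and pending:
            hits.append({"process": pending[0], "start": pending[1],
                         "end": pending[2], "family": s["family"]})
            pending = None
    return hits

def triage(hits):
    """Group hits per process and mark whether a security product explains them."""
    report = defaultdict(lambda: {"regions": 0, "bytes": 0, "families": set()})
    for h in hits:
        entry = report[h["process"]]
        entry["regions"] += 1
        entry["bytes"] += h["end"] - h["start"]
        entry["families"].add(h["family"])
    for proc, entry in report.items():
        product = SECURITY_PROCESSES.get(proc.lower())
        entry["verdict"] = (f"expected: signature data loaded by {product}"
                            if product else "investigate: not a known security process")
    return dict(report)

if __name__ == "__main__":
    for proc, entry in triage(parse_hits(SAMPLE)).items():
        print(f'{proc}: {entry["regions"]} region(s), {entry["bytes"]} bytes, {entry["verdict"]}')
```
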
Greetings, you’re great people! Did you see the program I posted though? It basically just gives “analyse” and a report text. So that’s the log.
I don’t get the short names you use (what’s SaS?), but I got Avast!, Adaware, Windows Defender, SpyBot, CCleaner that I use and ZA as a firewall. Then I tweaked my OS pretty good (shut off a lot of unneeded services) so I’m fine I think, nothing but one or another suspicious cookie here and there sometimes.
I used MalwareBytes Anti-Malware (updated and all) and found:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17.09.2010 13:48:19
mbam-log-2010-09-17 (13-48-19).txt
Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 210136
Time elapsed: 37 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
But a quick internet search found that this is just a harmless leftover. AFAIK it was a temporary internet file that Avast! aborted a long time ago.
There is no sign of Zeus on my computer, other than what seems to be the ZeusDecoder detection of what my security programs do. Which is probably not a real virus infection, if I am correct? That’s what I wanted to ask from the experts.
Hehe, Zone Alarm and ZeusDecoder managed to scare me now!
RE: MBAM log:
It is an old registry entry and, without associated files, inert, but best got rid of anyway.
This should have answered your question “Which is probably not a real virus infection If I am correct?”
The other security applications you have installed are the cause, Windows Defender and AdAware loading unencrypted signatures into memory and being detected as I would expect from a scan looking for virus signatures. So it isn't a false positive, but you aren't infected.
It’s good to layer your security software for defense, but don’t overdo it is what we are trying to say. Outdated or obsolete software you can get rid of.
In addition, keep your current software up to date by using something like free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ and scan your machine weekly; direct vendor downloads are provided if needed. Many of us use it since software is constantly changing.
Also check to make sure your browser (browser will be checked with Secunia) and any add-ons are current, and use safe browsing practices.
Keep your AV up to date. Find a solid FW that you trust.
If you feel that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.
Feel free to come back any time you need help, to learn something new, or just to ask questions. We are here 24/7 for your convenience.