Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1458
  • Last Modified:

AVIRA: Over-Enthusiastic Hueristics?

I have no reason to suspect that this Win7 PC is infected.
I always have realtime protection and updates running with Avira & Malwarebytes
This is what I get when I scan with Avira. (Heuristics set to default - medium)
I didn't run any repairs.

C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.

Ditto for these ......
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\mshtml.dll
C:\Windows\system32\dnsapi.dll
C:\Windows\system32\d3d9.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\aclui.dll
C:\Windows\system32\dsound.dll
C:\Windows\system32\imm32.dll
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\drivers\beep.sys
C:\Windows\system32\kernel32.DLL
C:\Windows\system32\gdi32.DLL
C:\Windows\system32\user32.DLL
C:\Windows\system32\advapi32.DLL
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\alg.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\ws2_32.DLL
C:\Windows\system32\wsock32.DLL
C:\Windows\system32\wininet.DLL
C:\Windows\system32\smss.exe
C:\Windows\explorer.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe

Can I believe any of this ?
0
Eirman
Asked:
Eirman
  • 3
  • 3
  • 2
3 Solutions
 
TolomirAdministratorCommented:
you can simply upload one of those files to https://www.virustotal.com/ and let it check by a bunch of antivirus tools.

This will tell you if avira is having the same issues like avast today on android with a wrong virus pattern signature file claiming all programs are infected..
0
 
aadihCommented:
I believe, "[you] have no reason to suspect that this Win7 PC is infected."

BTW, You don't have real-time protection on for both of them (Avira and MBAM). Do you? If yes, disable on of them.
0
 
EirmanChief Operations ManagerAuthor Commented:
You don't have real-time protection on for both of them (Avira and MBAM)
I do. I didn't think that they conflicted. Which should I disable?

Should I change my antivirus program?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
TolomirAdministratorCommented:
I would to a signature update 1st and check some files on virustotal.
0
 
EirmanChief Operations ManagerAuthor Commented:
I checked reg.exe on virustotal as suggested Tolomir .... Absolutely no infection.

I updated Avira ... same results
0
 
TolomirAdministratorCommented:
ok, you could then try a different antivirus solution, a good free start is
Microsoft Security Essentials

I'm using bitdefender anti virus, but pick the best snakeoil, you can get ;-)
0
 
aadihCommented:
Disable MBAM's real-time protection. (You should not have two running at the same time).

Or just run Avira alone (real-time) and use MBAM only to scan and clean when an infection is suspected. Enjoy your PC.

[A long-time Avira user and also of MBAM. I do not use Avira scan, as it hangs at the same point (same file) each time.]
0
 
EirmanChief Operations ManagerAuthor Commented:
Thanks to all and sundry.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now