• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1440
  • Last Modified:

AVIRA: Over-Enthusiastic Hueristics?

I have no reason to suspect that this Win7 PC is infected.
I always have realtime protection and updates running with Avira & Malwarebytes
This is what I get when I scan with Avira. (Heuristics set to default - medium)
I didn't run any repairs.

C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.

Ditto for these ......
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\mshtml.dll
C:\Windows\system32\dnsapi.dll
C:\Windows\system32\d3d9.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\aclui.dll
C:\Windows\system32\dsound.dll
C:\Windows\system32\imm32.dll
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\drivers\beep.sys
C:\Windows\system32\kernel32.DLL
C:\Windows\system32\gdi32.DLL
C:\Windows\system32\user32.DLL
C:\Windows\system32\advapi32.DLL
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\alg.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\ws2_32.DLL
C:\Windows\system32\wsock32.DLL
C:\Windows\system32\wininet.DLL
C:\Windows\system32\smss.exe
C:\Windows\explorer.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe

Can I believe any of this ?
0
Eirman
Asked:
Eirman
  • 3
  • 3
  • 2
3 Solutions
 
TolomirAdministratorCommented:
you can simply upload one of those files to https://www.virustotal.com/ and let it check by a bunch of antivirus tools.

This will tell you if avira is having the same issues like avast today on android with a wrong virus pattern signature file claiming all programs are infected..
0
 
aadihCommented:
I believe, "[you] have no reason to suspect that this Win7 PC is infected."

BTW, You don't have real-time protection on for both of them (Avira and MBAM). Do you? If yes, disable on of them.
0
 
EirmanAuthor Commented:
You don't have real-time protection on for both of them (Avira and MBAM)
I do. I didn't think that they conflicted. Which should I disable?

Should I change my antivirus program?
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
TolomirAdministratorCommented:
I would to a signature update 1st and check some files on virustotal.
0
 
EirmanAuthor Commented:
I checked reg.exe on virustotal as suggested Tolomir .... Absolutely no infection.

I updated Avira ... same results
0
 
TolomirAdministratorCommented:
ok, you could then try a different antivirus solution, a good free start is
Microsoft Security Essentials

I'm using bitdefender anti virus, but pick the best snakeoil, you can get ;-)
0
 
aadihCommented:
Disable MBAM's real-time protection. (You should not have two running at the same time).

Or just run Avira alone (real-time) and use MBAM only to scan and clean when an infection is suspected. Enjoy your PC.

[A long-time Avira user and also of MBAM. I do not use Avira scan, as it hangs at the same point (same file) each time.]
0
 
EirmanAuthor Commented:
Thanks to all and sundry.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now