Solved

AVIRA: Over-Enthusiastic Hueristics?

Posted on 2014-01-09
8
1,290 Views
Last Modified: 2014-01-09
I have no reason to suspect that this Win7 PC is infected.
I always have realtime protection and updates running with Avira & Malwarebytes
This is what I get when I scan with Avira. (Heuristics set to default - medium)
I didn't run any repairs.

C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.

Ditto for these ......
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\mshtml.dll
C:\Windows\system32\dnsapi.dll
C:\Windows\system32\d3d9.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\aclui.dll
C:\Windows\system32\dsound.dll
C:\Windows\system32\imm32.dll
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\drivers\beep.sys
C:\Windows\system32\kernel32.DLL
C:\Windows\system32\gdi32.DLL
C:\Windows\system32\user32.DLL
C:\Windows\system32\advapi32.DLL
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\alg.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\ws2_32.DLL
C:\Windows\system32\wsock32.DLL
C:\Windows\system32\wininet.DLL
C:\Windows\system32\smss.exe
C:\Windows\explorer.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe

Can I believe any of this ?
0
Comment
Question by:Eirman
  • 3
  • 3
  • 2
8 Comments
 
LVL 27

Accepted Solution

by:
Tolomir earned 300 total points
ID: 39768339
you can simply upload one of those files to https://www.virustotal.com/ and let it check by a bunch of antivirus tools.

This will tell you if avira is having the same issues like avast today on android with a wrong virus pattern signature file claiming all programs are infected..
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 195 total points
ID: 39768355
I believe, "[you] have no reason to suspect that this Win7 PC is infected."

BTW, You don't have real-time protection on for both of them (Avira and MBAM). Do you? If yes, disable on of them.
0
 
LVL 23

Author Comment

by:Eirman
ID: 39768427
You don't have real-time protection on for both of them (Avira and MBAM)
I do. I didn't think that they conflicted. Which should I disable?

Should I change my antivirus program?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39768480
I would to a signature update 1st and check some files on virustotal.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 23

Author Comment

by:Eirman
ID: 39768511
I checked reg.exe on virustotal as suggested Tolomir .... Absolutely no infection.

I updated Avira ... same results
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39768620
ok, you could then try a different antivirus solution, a good free start is
Microsoft Security Essentials

I'm using bitdefender anti virus, but pick the best snakeoil, you can get ;-)
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 195 total points
ID: 39768825
Disable MBAM's real-time protection. (You should not have two running at the same time).

Or just run Avira alone (real-time) and use MBAM only to scan and clean when an infection is suspected. Enjoy your PC.

[A long-time Avira user and also of MBAM. I do not use Avira scan, as it hangs at the same point (same file) each time.]
0
 
LVL 23

Author Closing Comment

by:Eirman
ID: 39769988
Thanks to all and sundry.
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now