Solved

AVIRA: Over-Enthusiastic Heuristics?

Posted on 2014-01-09
Last Modified: 2014-01-09
I have no reason to suspect that this Win7 PC is infected.
I always have realtime protection and updates running with Avira & Malwarebytes.
This is what I get when I scan with Avira. (Heuristics set to default - medium)
I didn't run any repairs.

C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.

Ditto for these ......
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\mshtml.dll
C:\Windows\system32\dnsapi.dll
C:\Windows\system32\d3d9.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\aclui.dll
C:\Windows\system32\dsound.dll
C:\Windows\system32\imm32.dll
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\drivers\beep.sys
C:\Windows\system32\kernel32.DLL
C:\Windows\system32\gdi32.DLL
C:\Windows\system32\user32.DLL
C:\Windows\system32\advapi32.DLL
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\alg.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\ws2_32.DLL
C:\Windows\system32\wsock32.DLL
C:\Windows\system32\wininet.DLL
C:\Windows\system32\smss.exe
C:\Windows\explorer.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe

Can I believe any of this?
0
Question by:Eirman
8 Comments
 
LVL 27

Accepted Solution

by:
Tolomir earned 300 total points
ID: 39768339
You can simply upload one of those files to https://www.virustotal.com/ and let it be checked by a bunch of antivirus tools.

This will tell you if Avira is having the same issues as Avast today on Android, with a wrong virus pattern signature file claiming all programs are infected.
0
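The check suggested in the answer above can also be done by hash instead of by upload, since VirusTotal can be searched by a file's SHA-256. The Python below is an added example, not code from the thread or from Avira: it parses report text in the layout quoted in the question, groups flagged files by detection name, and hashes each file. The function names, the constructed sample report, and the assumption that every file entry repeats its `[DETECTION]` line are illustrative.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample, in the layout of the report excerpt quoted in the question.
SAMPLE_REPORT = r"""
C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.
C:\Windows\system32\reg.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
"""

TAG_LINE = re.compile(r"^\s*\[(DETECTION|NOTE|WARNING)\]\s+(\S.*)$")

def parse_report(text):
    """Return {detection name: [flagged paths]} from report text."""
    groups, path = defaultdict(list), None
    for line in text.splitlines():
        tagged = TAG_LINE.match(line)
        if tagged is None:
            path = line.strip() or None  # an untagged line starts a new file entry
        elif path and tagged.group(1) == "DETECTION":
            # Assumption: the detection name is the last token on the line.
            groups[tagged.group(2).split()[-1]].append(path)
    return dict(groups)

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def hashes_for_lookup(text):
    """Map each flagged path to its SHA-256, or None if it cannot be read here."""
    result = {}
    for path in (p for paths in parse_report(text).values() for p in paths):
        try:
            result[path] = sha256_of(path)
        except OSError:
            result[path] = None
    return result

if __name__ == "__main__":
    for path, digest in hashes_for_lookup(SAMPLE_REPORT).items():
        print(digest or "unreadable-here", path)
```

One heuristic name covering dozens of core Windows binaries at once, as in the question, is the pattern that points at the scanner's signatures or heuristics instead of at the files.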
 
LVL 24

Assisted Solution

by:aadih
aadih earned 195 total points
ID: 39768355
I believe, "[you] have no reason to suspect that this Win7 PC is infected."

BTW, you don't have real-time protection on for both of them (Avira and MBAM). Do you? If yes, disable one of them.
0
 
LVL 23

Author Comment

by:Eirman
ID: 39768427
"You don't have real-time protection on for both of them (Avira and MBAM)"
I do. I didn't think that they conflicted. Which should I disable?

Should I change my antivirus program?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39768480
I would do a signature update first and check some files on VirusTotal.
0
 
LVL 23

Author Comment

by:Eirman
ID: 39768511
I checked reg.exe on VirusTotal as suggested by Tolomir .... Absolutely no infection.

I updated Avira ... same results.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39768620
OK, you could then try a different antivirus solution; a good free start is
Microsoft Security Essentials.

I'm using Bitdefender antivirus, but pick the best snake oil you can get ;-)
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 195 total points
ID: 39768825
Disable MBAM's real-time protection. (You should not have two running at the same time).

Or just run Avira alone (real-time) and use MBAM only to scan and clean when an infection is suspected. Enjoy your PC.

[A long-time Avira user and also of MBAM. I do not use Avira scan, as it hangs at the same point (same file) each time.]
0
 
LVL 23

Author Closing Comment

by:Eirman
ID: 39769988
Thanks to all and sundry.
0
