AVIRA: Over-Enthusiastic Heuristics?

Posted on 2014-01-09
Last Modified: 2014-01-09
I have no reason to suspect that this Win7 PC is infected.
I always have realtime protection and updates running with Avira & Malwarebytes.
This is what I get when I scan with Avira. (Heuristics set to default - medium)
I didn't run any repairs.

C:\Windows\regedit.exe
  [DETECTION] Contains suspicious code HEUR/Modified.SystemFile
  [NOTE]      The detection was classified as suspicious.
  [WARNING]   The file was ignored.

Ditto for these ......
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\mshtml.dll
C:\Windows\system32\dnsapi.dll
C:\Windows\system32\d3d9.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\aclui.dll
C:\Windows\system32\dsound.dll
C:\Windows\system32\imm32.dll
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\drivers\beep.sys
C:\Windows\system32\kernel32.DLL
C:\Windows\system32\gdi32.DLL
C:\Windows\system32\user32.DLL
C:\Windows\system32\advapi32.DLL
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\alg.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\ws2_32.DLL
C:\Windows\system32\wsock32.DLL
C:\Windows\system32\wininet.DLL
C:\Windows\system32\smss.exe
C:\Windows\explorer.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe

Can I believe any of this?
Question by:Eirman
 
LVL 27

Accepted Solution

by:
Tolomir earned 1200 total points
ID: 39768339
You can simply upload one of those files to https://www.virustotal.com/ and let it be checked by a bunch of antivirus tools.

This will tell you if Avira is having the same issues as Avast today on Android, with a wrong virus pattern signature file claiming all programs are infected.
0
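
Added example, not part of the original thread: one way to prepare the VirusTotal check suggested above without uploading anything is to compute each flagged file's SHA-256 and paste it into the VirusTotal search box, then let System File Checker compare the file with the Windows component store. The function name Get-Sha256Hex and the four-file subset are assumptions chosen for illustration; run it from an elevated 64-bit PowerShell prompt so that system32 is not redirected.

```powershell
# Subset of the paths from the scan log in the question (illustrative selection).
$flagged = @(
    "$env:windir\regedit.exe",
    "$env:windir\explorer.exe",
    "$env:windir\system32\reg.exe",
    "$env:windir\system32\svchost.exe"
)

# Hypothetical helper: SHA-256 through .NET, so it also works on the
# PowerShell 2.0 that ships with Windows 7 (no Get-FileHash there).
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Dispose()
        $sha.Clear()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$path : not found"
        continue
    }

    # Version resource: a genuine system file names Microsoft as the company,
    # but this field is easy to forge, so treat it as a hint only.
    $info = (Get-Item -LiteralPath $path).VersionInfo
    $hash = Get-Sha256Hex $path

    Write-Output ("{0}`n  SHA-256 : {1}`n  Company : {2}`n  Version : {3}" -f `
        $path, $hash, $info.CompanyName, $info.FileVersion)

    # Verify only, no repair: compares the file against the component store.
    & "$env:windir\system32\sfc.exe" "/verifyfile=$path"
}
```

A hash that VirusTotal already knows as a clean Microsoft binary, together with a clean sfc result for the same file, points to a false positive in the heuristic rather than a modified system file.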
 
LVL 24

Assisted Solution

by:aadih
aadih earned 780 total points
ID: 39768355
I believe, "[you] have no reason to suspect that this Win7 PC is infected."

BTW, you don't have real-time protection on for both of them (Avira and MBAM). Do you? If yes, disable one of them.
0
 
LVL 24

Author Comment

by:Eirman
ID: 39768427
You don't have real-time protection on for both of them (Avira and MBAM)
I do. I didn't think that they conflicted. Which should I disable?

Should I change my antivirus program?
0

 
LVL 27

Expert Comment

by:Tolomir
ID: 39768480
I would do a signature update first and check some files on VirusTotal.
0
 
LVL 24

Author Comment

by:Eirman
ID: 39768511
I checked reg.exe on virustotal as suggested Tolomir .... Absolutely no infection.

I updated Avira ... same results
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39768620
OK, you could then try a different antivirus solution; a good free start is Microsoft Security Essentials.

I'm using Bitdefender antivirus, but pick the best snake oil you can get ;-)
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 780 total points
ID: 39768825
Disable MBAM's real-time protection. (You should not have two running at the same time).

Or just run Avira alone (real-time) and use MBAM only to scan and clean when an infection is suspected. Enjoy your PC.

[A long-time Avira user and also of MBAM. I do not use Avira scan, as it hangs at the same point (same file) each time.]
0
 
LVL 24

Author Closing Comment

by:Eirman
ID: 39769988
Thanks to all and sundry.
0
