Is this really avast!, or is this malware masquerading as avast!?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BobLewiston, Jul 6, 2010.

  1. BobLewiston

    BobLewiston Private E-2

    In addition to a bunch of other security software, I've got the free version of avast! Antivirus. I ran a full scan with it late last night. It found nothing. I have also within the past two days run the free versions of Malwarebytes' Anti-Malware, SuperAntiSpyware and Glary Utilities (which includes a Spyware Remover), none of which found anything.

    I just rebooted my computer and went online. When I logged into my web-based email website, I got the following error message:

    "Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.

    C:\Documents and Settings\user\Local Settings\Tem...\CADM8RGP.HTM"

    Positioning the mouse cursor over this path \ filename revealed the full path to be
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2DY059NS.

    This message is in a dialog box which is labeled as, and whose graphics appear consistent with, avast! Antivirus. The dialog box includes two drop-down menus, "Action to take" and "Advanced".

    I've never seen or heard of any such behavior by avast! Antivirus, and I've never heard of any free virus analysis lab run by avast!.

    I have Windows Explorer configured to display all hidden files and folders, as well as to display all system folders, but I can't even see the Content.IE5 folder, nor can I find the file CADM8RGP.HTM anywhere on the disk by doing a search which includes hidden files and folders and system folders.

    I subsequently ran full scans by some of my security software. Malwarebytes found nothing. SuperAntiSpyware found nothing but 23 adware tracking cookies (two of them Flash cookies), which it quarantined. Glary Utilities found one item it determined to be spyware,
    HKEY_CLASSES_ROOT\clsid\{8E718888-423F-11D2-876E-00A0C9082467}, which it claimed to rectify. However, this registry item was right back again upon rebooting.

    And avast! itself found nothing. That doesn't mean much, however, as I had spaced out and already run Glary Utilities, which wiped out all the temporary internet files.

    Anyway, I was afraid to click on either of the drop-down menus of this supposed avast! dialog box for fear that the dialog box is actually generated by malware.

    Any comments or suggestions? Was this dialog box really generated by avast!? Should I just go through the whole process given in the Malware Removal Guide again? I just did that about a month ago, at which time no malware was found.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes. :)
     
