ASC PUP detected by Avast 5.0 !!

[blacksea]

I wanted to uninstall Avast 5.0 and then reinstall it. I wanted to uninstall it with the uninstaller of ASC. Then suddenly this Popup came from Avast.

[Melvin_Deal]

Interesting!

 

If you look at the object and the process they would appear to be unrelated!

 

Would appear your machine has an infection: http://www.threatexpert.com/files/mirc.exe.html

 

Or not! This is also a windows file!

 

Probably associated with a startup application. Can you post hijack log please BlackSea?

 

Also suspicious is the named file location Program files / Mirc.

I agree with Pyrath below. Have you downloaded a software that could modify your system to make it faster for chat/streaming? Just asking that's all... trying to eliminate the possibilities!

 

I also agree with detailer... it could be a false positive.

[detailer]

Probably False Poitive

 

Since v.5 just came out,it may not be aware of ASC as a "friendly" I would temporarily disable ASC so the process is not seen running by Avast-then proceed with uninstall.

[pyrath]

mirc.exe is a process belonging to the mIRC Internet Relay Chat utility which allows you to connect to Internet based servers. This is a non-essential process. Disabling or enabling it is down to user preference.

 

 

Across all ThreatExpert reports, the file "mirc.exe" was mostly identified as a threat.

[blacksea]

Most anit-malware programs detects it in the Riskware category They are not directly malicious, but they are often used in conjunction with Malware. This is why the most of the anti-malware programs detect it as a malware.

[blacksea]

If you look at the object and the process they would appear to be unrelated!

 

Would appear your machine has an infection: http://www.threatexpert.com/files/mirc.exe.html

 

Or not! This is also a windows file!

 

Probably associated with a startup application. Can you post hijack log please BlackSea?

 

Also suspicious is the named file location Program files / Mirc.

I agree with Pyrath below. Have you downloaded a software that could modify your system to make it faster for chat/streaming? Just asking that's all... trying to eliminate the possibilities!

 

I also agree with detailer... it could be a false positive.

 

Here is my hijack result.

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 17:58:09, on 23-1-2010

Platform: Windows XP (WinNT 5.1)

MSIE: Internet Explorer v6.0 (6.0.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AcroIEHelperStub - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253299216203

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe

O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

Yes, I use that program for a game I play named Counterstrike:Source. With mirc we can look for other players who want to have a 'clanwar'. It's commonly used by CS:S players.

 

Blacksea

[Melvin_Deal]

False positive!

 

Your machine looks good Blacksea! No evidence of infection by whats running now.:grin:

 

-Mel

 

The Alert was probably associated with the software you mentioned... You may want to visit Windows and upgrade your explorer to the new version though!!

[blacksea]

Ayee, thank you melvin !

 

Blacksea.

[wozofoz]

Aside

 

I wanted to uninstall Avast 5.0 and then reinstall it. I wanted to uninstall it with the uninstaller of ASC. Then suddenly this Popup came from Avast.

 

Aside: I am certainly no expert and this has probably nothing to do with the problem above but.....

It seems Avast was still runnuing when you tried to un-install it ?

I would guess that any good security software would rightfully protect itself and should be completely shut down before trying to un-install it :?:

 

All the best, woz of oz

[blacksea]

Aside: I am certainly no expert and this has probably nothing to do with the problem above but.....

It seems Avast was still runnuing when you tried to un-install it ?

I would guess that any good security software would rightfully protect itself and should be completely shut down before trying to un-install it :?:

 

All the best, woz of oz

 

Hi woz of oz,

 

I was just at the point to uninstall it. I opened the uninstaller of ASC and then suddenly that popup came appear.

[Melvin_Deal]

Aye Woz!

 

Agreed that Avast must completely be shut down before uninstall!

 

The popup you had is to be ignored!

 

As Woz advises make sure all Avast apps are shut down before uninstall.

 

I'm not sure if the log you posted came after you sucessfully removed and then reinstalled or not. I can only recognize avast entries upon a look but can't tell (as the same, with many softwares they are carried over from one to the next).

 

At the time of your log post... Avast was alive and running in your system. If it was the one you were originally trying to remove... Then shut it down completely... then reinstall!

[blacksea]

You helped me alot!

 

Agreed that Avast must completely be shut down before uninstall!

 

The popup you had is to be ignored!

 

As Woz advises make sure all Avast apps are shut down before uninstall.

 

I'm not sure if the log you posted came after you sucessfully removed and then reinstalled or not. I can only recognize avast entries upon a look but can't tell (as the same, with many softwares they are carried over from one to the next).

 

At the time of your log post... Avast was alive and running in your system. If it was the one you were originally trying to remove... Then shut it down completely... then reinstall!

 

In all my threat I noticed your big help for me. I thank you for that. And also all other and administrators! :-D

 

Cheers

Blacksea.