Prev: Laptop don't boot
Next: Hmmmm
From: steve0029 on 6 Dec 2006 05:32
Hi all,

I was wondering if I could get some of your opinions on what just
happened to me a little while ago.

I booted up my computer, and connected to the Internet. Upon connecting
My Avast AV program began to download updates as it normally does. Then
something odd happened that's never happned to me before.

I got an alert from my Sygate firewall (v5.6) that said:

---------
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup - A Trojan
horse application has been detected on your computer. It has been
blocked by Sygate Personal Firewall

Trojan horse "IntrusePack 1.27b" detected in C:\Program Files\Alwil
Software\Avast4\Setup\avast.setup, process id: 3780
Description: Fail to terminate the process.
---------

Does this mean my firewall thought Avast was acting as a trojan? I do
scans for viruses and trojans regularly.. and did a few scans
immediately after I got this prompt and they all came up clean. I'm no
expert by any means, but this seems like a false positive to me. Has
anyone here had this happen to them? I'd greatly appreciate any and all
input.

Thank you,
--steve

Here are a few more details..

File Description : C:\Program Files\Alwil
Software\Avast4\Setup\avast.setup
File Path : C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
Process ID : 0xEC4 (Heximal) 3780 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 4.158.132.190
Local Port : 1069
Remote Name : download22.avast.com
Remote Address : 70.86.99.98
Remote Port : 80 (HTTP - World Wide Web)

From: Dr. Abraham van Helsing on 6 Dec 2006 06:23
70.86.99.98

http://www.arin.net/index.shtml

Enter the IP into the Whois Search Box, find out who it is, and then
make a determination, if the contact is malicious or not.

Google can give you information about the company, you can even call the
company.

I suspect it's Sygate and its Application Control whining about nothing.
All personal FW(s) that have App Control, tend to make the end-user
paranoid with much to do about nothing in most cases.

From: David H. Lipman on 6 Dec 2006 17:12
From: <steve0029(a)gmail.com>

| Hi all,
|
| I was wondering if I could get some of your opinions on what just
| happened to me a little while ago.
|
| I booted up my computer, and connected to the Internet. Upon connecting
| My Avast AV program began to download updates as it normally does. Then
| something odd happened that's never happned to me before.
|
| I got an alert from my Sygate firewall (v5.6) that said:
|

< snnip >

False Positive.

It is misiterpreting Alwil Avast's communication with its respective update server.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 | 
Pages: 1
Prev: Laptop don't boot
Next: Hmmmm