Salenai

So, on Bleepingcomputer they helped me, but.. https://www.bleepingcomputer.com/forums/t/707078/avast-found-htmlscam-p-phish/page-2#entry4897881 Virus/file came back for some reason and I keep seeing it again. What should I do? I produced new farbar logs right after virus was found. I am attaching them to this post. I did not put it in chest or delete it (which doesnt work anyway). Can you look at these logs please? Avast doesnt show me file location or file name, just name of infection. And Eset Online scanner doesnt even find it, nothing finds it, not roguekiller,malwarebytes,malwarebytes anti rootkit, only Avast. FRST.txt Addition.txt

Avast is antivirus I use normally but I usr also eset online scanner since I had best results with finding viruses with it. Do you think I got infected somehow or were my logs clean? Why does avast still sometimes finds this "virus"? Am I still infected or dealing with false positive? Yeah, I will let you know edit: What I meant to say at beginning is, Avast despite saying that it blocked threat has not really blocked it apparently since it keeps showing up during scanning. It does not always show however. Not sure what triggers this virus to show up. is there any chance that this was all false positive from avasts side?

Hi, I regularly scan my pc and dont visit dangerous sites, so not sure how I got this,budt avast found HTML:Scam-P [Phish], on file or website or dont know what it is called game4853.firdayfun78.live . For scanning I use Roguekiller, Avast, malwarebytes, Malwarebytes mbar (anti rootkit) and Eset Online Scanner. I prefer Eset online scanner over normal Eset antivirus because it does superb job at detecting viruses. But for some reason it does not detect this virus, it keeps showing up only on avast and nowhere else. And it keeps showing up even after deleting it after scan with Avast. Sometimes it shows up and sometimes it doesnt, but only on avast. Sooo, I have not really logged in anywhere since previous scan (not this one), except for Steam (only on program and not on browser). Do I need to change my Steam password or not? Or doest this "virus" affect only webbrowser? I use mozilla. Thanks. This is what avast finds.

Thanks a lot so,they belong to avast,right? i deleted them from safe mode, EOS doesnt find them anymore.

Wait, so,this is not false positive? This is an actual malware? Is it dangerous?and how come it showed up now and not before during scan that I took a week ago (during this week I have not used PC at all and had it turned off). So, do you recommend me to uninstall Avast, remove detections and install another antivirus? I managed to delete it during Safe Mode, if they will not show up now during normal scan, can I keep Avast? Thanks

Hello, My Avast license has expired, once that happened, after couple of days I decided to scan my computer as I always do, with Eset, Roguekiller, Malwarebytes, Mbar, and Avast. I scan with only one thing at a time. Eset for some reason (almost certainly false positive) found this: C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia chyba pri mazaní (Prístup odmietnutý) C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-94f.vpx Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia chyba pri mazaní (Prístup odmietnutý) So,according to this, there is Bundles.Toolbar.Google.D and it cannot be deleted by Eset Online Scanner. (for info, I use Eset Online scanner only as a one time use, IMO it shows better results than regular Eset). I also scanned files with virustotal and nothing shows up: https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection and https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection I had my computer turned off during last couple of days, and last time I had it turned on I also scanned it, it was at the time I had Avast License,and nothing was found. So,basically, it was turned off, there was nothing that could have infected it since last scan. Only Avast license has expired,and antivirus/antimalware programs, including Eset Online Scanner received updates. So this probable false positives came with new update for Eset Online Scanner. I attached Eset report file and also packed both files that show up as positive. Is this please false positive? Thanks eset.txt pack.zip

I tried testing those files by uploading them to virustotal and they came back completely clean (they were scanned by 57-59 antivirus programs). Btw there are another 4 McBuilder.exe files in Wow64 subfolder of the WinSxS folder. I scanned both Amd64 and WoW64 .exe files through virustotal and they all came back clean. I uploaded them to microsoft file detection and they are reviewing/scanning them.

So, it was probably false positive, right?

Thanks,now this is something I liked to hear :). I asked a friend of mine if he has such file (McBuilder.exe) in WinSxS folder in their particular subfolders and he has one, itman has 2, I had 4,now after detection by eset only 3. I guess it is part of windows. I know there was a big update for win 10 on 13th of september, I had 3 folders created containing McBuilder.exe during days afterwards. The one that was detected as (probably) false positive by eset was created on 17th of september. i tried uploading 2 McBuilder.exe fromctheir folders (the ones with tiny size) files to virustotal and it was not detected by anything,third one has over 90 mbs and I was unable to upload it there due to size.

If this is truth then this is very insulting towards rest of users of your products. This forum is called: Malware detection and cleaning. Therefore it is general forum for all of your products, not just selected. There is also a forum called: Eset online scanner ESET Internet Security & ESET Smart Security Premium Here it makes sense that you would write something like this, but it is not a section of forum where I posted my thread. I posted it in general forum and got refused to get help. Nice. And btw, I tried comparing both normal Eset and Eset online scanner and chose to use Eset Online Scanner because it performs much better in detection than classic Eset. Thanks a lot for your "help".

I had 4 mcbuilder.exe files before,now I have 3. One is 3,041 bytes, another 2,929 bytes, another 91,136 bytes. Fourth one was deleted due to Eset. I use eset online scanner and im unable to do it :/. Should I send other 3 files for analysis or is it not needed? Thx

Please, is it false positive,mcbuilder.eze is a normal part of windows,right?thx

I am unable to retrieve this file unfortunately, I only saved a log of the scan. I tried. Only info I have about it is from the log, and I copied the contents of the log here,basically it is just that one line. Does it seem like a false positive to you? Mcbuilder.exe is a normal part of windows, or? Thanks

Hi, I just scanned my computer with Eset Online Scanner and it found this: C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.17134.165_none_fba14b370afb4d95\mcbuilder.exe pravdepodobne neznámy CRYPT.COM vírus zmazaný *probable Crypto.com virus* in english I am unable to recover it because it is deleted but still, I do not tend to visit unsafe websites or anything. Is this known false positive? Thanks.

May I upload the file here? Gmail doesnt allow me to upload password protected files, they have a security measure. I keep getting message Blocked for security reasons! Or can you just look at non password protected,but zipped file which I sent before through email?

I put into title of the mail False positive, but it may or may not be. I think it is since files was downloadrd through official Wakfu launcher,therefore directly from devs of the game.

I figured it is possible actually, but I have to get file out of quarantine. Marcos or Itman, I zipped the file, and will send it for analysis. Is setting up a password required or can I skip this? I didnt set up password, but I have just sent the file for analysis. Please let me know of you got it and if it is false positive. Thank you.m

Im using Eset Online scanner. The scanner that is for one time use. How can I do that?

It is variant of Java/Kryptik.UF Located in steamapps/common/wakfu/game/lib/wakfu-client.jar Im unable to attach file because it is n quarantine. Is this false positive? Im pretty sure it is unless company that made wakfu intentionally put virus among their update files.

Hi, I have steam and I installed mmorpg Wakfu through it. After I launched it, client opener and started patching the game. Later I scanned my computer with Eset Online scanner and ir found trojan virus Kryptik.uf in wakfu-client.jar file Is this false positive? My guess is that it is since I used steam and it used official game client which downloaded all files and updates from their servers. But may you please verify this to me? Thx