Shellcode Injection attack Help


I was wondering if anyone can help regarding an attack that defense caught. It came up with an attack saying that explorer.exe was trying to inject a shell code etc. However it did not tell me if it was a virus or a file that needed to be deleted. I mean my virus scanner (Avast) has not picked anything up and neither has spybot but I am just being cautious is it just an error on explorers behalf or is it an attempted malware etc. Also I did have this once before with a downloaded programme which had a temp file that tried the same thing but of course i terminated it.

Any advice will be great and just to put my mind at ease. Thanks.

Can you remember what you where doing when the alert came ?

Installing software ?
Surfing the web ?
Other ?

Thanks for replying to me. I was just surfing the web and it popped up saying that explorer.exe was trying to change the shell code i think. Lol this all new to me never had that before and no idea what it is was.

Well i asked this question on Yahoo and turned off my system restore and was told to download an alternate anti virus Avira and it found a virus in my sytem volume called TR/Crypt.Xpack.Gen Trojan and i’m abit miffed that Avast never picked it up tought it was on of the best. Well i have quaranteed this now do you think it will be ok to delete it. Thanks again ;D.

can you submit it to and see what it is? Also shoot me a link of the report from there.

yes please and could you also submit to comodo ?


malwaresubmit[at], please attach the file password protected if possible.

please use


for the password.

Hi to you both sorry for delay was scanning in safe mode and took a while. Well I have a few files that have been quarntined in Avira as found seven attacks. 6 are trojans 4 are TR/Crypt and one is Tr/Agent which is apparently attached to a software I downloaded form Kaspersky for checking trojans in a dos programme could this be a false positive. Finally last one is a heur/html malware. They have all been quarantined into this programme and don’t know where its been put how do I upload the file to you and also safely so i don’t infect you as never done this before.

On Avira it has an option to send the file by email but unsure if it will be protected sorry for being a pain and I have tried to be extra safe too with my internet security. Any help is most appreciated thanks again.

Edit: I keep getting repated attack by the html/heur malware it keeps being detected and now is the 3rd time since i last posted a few mins ago. Which when checked with malware bytes never picked it up i’m getting confused with all this now. I have worked out that its when i refresh this page i get it come up saying html/heur malware on this web page. Are there issues with Avira and Comodo websites.

Looks like your still infected, could you please follow this post and see if that cleans up ?

Hi Ronny

I have found out this error occurs on internet explorer but not on firefox. All checks have been done as I use malware bytes and super anti-spyware. I have downloaded and run bit defender and also no threats. I am not sure why this happens only on internet explorer and only on this page with the Avira software saying its malware. Of course i know its not but i still quarantine the page its very strange and i am now using firefox instead. Thought you might like to know of this and is bit defender a replacement for Avira?Thanks for the help.

Well it is Heur so it can be a false positive, did you change Aviras Heuristic settings to High lately ?

Can you post a link that the scanner triggers such an alert on ? Then i can have a look at the web code to see why it alerts…;msg286650#msg286650

Its this page we are communicating on and is why i know it is a false positive. Its not Comodo that is having problems its Avira accessing this page above on internet explorer 7 for me. Thanks.

Can you tell me at what level you have the Heuristic detection set for Avira ?

Hi, its on medium setting. Thanks.

here is a pic of the avira warning for this topic

[attachment deleted by admin]

Is it specific this topic ?

Then i guess it triggers on the text used in these posts like
“inject shell code”

Can you report this to Avira as a False Positive ?

I would report it, but I have always tried to learn how to send false positives to avira and never learned, dang!

Found a post here:

Maybe you can follow that advice ?

Ok thanks for all your help Ronny. Take care. ;D

No problem, glad to be of some help.

I follow directions and i didnt find that path, maybe because i have the premium version…I will find some other way I hope.