Shellcode Injection attack Help

Hi,

I was wondering if anyone can help regarding an attack that defense caught. It came up with an attack saying that explorer.exe was trying to inject a shell code etc. However, it did not tell me if it was a virus or a file that needed to be deleted. I mean my virus scanner (Avast) has not picked anything up and neither has Spybot, but I am just being cautious. Is it just an error on explorer's behalf or is it an attempted malware etc.? Also, I did have this once before with a downloaded programme which had a temp file that tried the same thing, but of course I terminated it.

Any advice will be great and just to put my mind at ease. Thanks.

Can you remember what you were doing when the alert came?

Installing software?
Surfing the web?
Other?

Thanks for replying to me. I was just surfing the web and it popped up saying that explorer.exe was trying to change the shell code, I think. Lol, this is all new to me, never had that before and no idea what it was.

Well, I asked this question on Yahoo and turned off my system restore and was told to download an alternate anti virus, Avira, and it found a virus in my system volume called TR/Crypt.Xpack.Gen Trojan, and I'm a bit miffed that Avast never picked it up, thought it was one of the best. Well, I have quarantined this now, do you think it will be ok to delete it? Thanks again ;D.

Can you submit it to http://www.virustotal.com and see what it is? Also shoot me a link of the report from there.

Yes please, and could you also submit to Comodo?

Email malwaresubmit[at]avlabs.comodo.com, please attach the file password protected if possible.

Please use "infected" for the password.

Hi to you both, sorry for the delay, was scanning in safe mode and it took a while. Well, I have a few files that have been quarantined in Avira as it found seven attacks. 6 are trojans, 4 are TR/Crypt and one is Tr/Agent, which is apparently attached to a software I downloaded from Kaspersky for checking trojans in a DOS programme, could this be a false positive? Finally, the last one is a heur/html malware. They have all been quarantined into this programme and I don't know where it's been put. How do I upload the file to you, and also safely so I don't infect you, as I have never done this before?

On Avira it has an option to send the file by email but I am unsure if it will be protected. Sorry for being a pain, and I have tried to be extra safe too with my internet security. Any help is most appreciated, thanks again.

Edit: I keep getting repeated attack by the html/heur malware, it keeps being detected and now is the 3rd time since I last posted a few mins ago. Which when checked with Malwarebytes never picked it up, I'm getting confused with all this now. I have worked out that it's when I refresh this page I get it come up saying html/heur malware on this web page. Are there issues with Avira and Comodo websites?

Looks like you're still infected, could you please follow this post and see if that cleans up?

https://forums.comodo.com/virusmalware_removal_assistance/what_to_do_if_youre_infected_experience_rev2-t32467.0.html

Hi Ronny

I have found out this error occurs on Internet Explorer but not on Firefox. All checks have been done as I use Malwarebytes and SUPERAntiSpyware. I have downloaded and run BitDefender and also no threats. I am not sure why this happens only on Internet Explorer and only on this page, with the Avira software saying it's malware. Of course I know it's not, but I still quarantine the page. It's very strange and I am now using Firefox instead. Thought you might like to know of this, and is BitDefender a replacement for Avira? Thanks for the help.

Well, it is Heur so it can be a false positive, did you change Avira's Heuristic settings to High lately?

Can you post a link that the scanner triggers such an alert on? Then I can have a look at the web code to see why it alerts…

https://forums.comodo.com/virusmalware_removal_assistance/shellcode_injection_attack_help-t39440.0.html;msg286650#msg286650

It's this page we are communicating on and that is why I know it is a false positive. It's not Comodo that is having problems, it's Avira accessing this page above on Internet Explorer 7 for me. Thanks.

Can you tell me at what level you have the Heuristic detection set for Avira?

Hi, it's on medium setting. Thanks.

Here is a pic of the Avira warning for this topic

[attachment deleted by admin]

Is it specific to this topic?

Then I guess it triggers on the text used in these posts like “inject shell code”

Can you report this to Avira as a False Positive?

I would report it, but I have always tried to learn how to send false positives to Avira and never learned, dang!

Found a post here:

Maybe you can follow that advice?

Ok thanks for all your help Ronny. Take care. ;D

No problem, glad to be of some help.

I followed directions and I didn't find that path, maybe because I have the premium version… I will find some other way, I hope.