You are viewing our Forum Archives. To view or take place in current topics click here.
Virus Issue - Please help!

Pin
  • TTG Senior
Status: Offline
Joined: Aug 08, 2011 (12 Year Member)
Posts: 1,298
Reputation Power: 71
Hey,

Recently I've been having some trouble with my anti-virus software. I use Avast! and Malwarebytes Anti-Malware. It has recently been detecting some files as being viruses. A couple of days ago, it said that the 'Unity Web Player' was a virus (I know it isn't because Unity is a legitimate company and I know what the web player is). I have now just received the following alert from Malwarebytes Anti-Malware:

[Screenshot of the alert: external link not preserved in the archive.]

It's saying that Skype is a virus?

Please could someone give me some advice on what to do? There are no other symptoms on my computer that would suggest there is a harmful virus (such as passwords being stolen, blue screens, crashes etc.). I just received this false positive even after doing a full system scan and boot-time scan a few days ago.

Thanks in advance, will +REP for all help.

#2. Posted:
IMMERSIVE
  • TTG Contender
Status: Offline
Joined: Aug 22, 2010 (13 Year Member)
Posts: 3,110
Reputation Power: 171
Either someone was sending you something malicious over Skype, or someone linked something in some chat. I'm not sure if this is 100% sure it's either one, but they are possibilities.
#3. Posted:
Pin
  • TTG Senior
Status: Offline
Joined: Aug 08, 2011 (12 Year Member)
Posts: 1,298
Reputation Power: 71
IMMERSIVE wrote: Either someone was sending you something malicious over Skype, or someone linked something in some chat. I'm not sure if this is 100% sure it's either one, but they are possibilities.


I don't think this is the problem as I am always appearing offline on Skype and nobody sends/sent me messages on Skype.
#4. Posted:
Saki
  • Retired Staff
Status: Offline
Joined: Apr 09, 2011 (13 Year Member)
Posts: 4,993
Reputation Power: 14221
Motto: Wow crazy USA hamburger yes
Skype is P2P, I get alerts like that once in a while from random P2P programs. Also, why did you block the port in your screen shot?
#5. Posted:
Pin
  • TTG Senior
Status: Offline
Joined: Aug 08, 2011 (12 Year Member)
Posts: 1,298
Reputation Power: 71
-Mashiro wrote: Skype is P2P, I get alerts like that once in a while from random P2P programs. Also, why did you block the port in your screen shot?


I'm not sure why I blocked it. I don't know much about networking and have no idea what the 'port' is. I figured that I might as well block it out in case someone could use it maliciously against me. Do you know what the port is? I'm interested now lol.

I think (if I can remember correctly) that my anti virus said that the unity web player was a 'win32 gen' virus (or something along those lines). Does anyone know how I can deal with this type of virus? Apparently it's one that an anti-virus utility can't remove fully.

Thanks
#6. Posted:
Saki
  • Retired Staff
Status: Offline
Joined: Apr 09, 2011 (13 Year Member)
Posts: 4,993
Reputation Power: 14221
Motto: Wow crazy USA hamburger yes
You could have downloaded a fake, infected version of Unity Web Player. Did you download it from the official Unity website? It also could have been picked up as a false positive, Win32.gen = generic virus.

As for the port question, ports are what programs use to connect to your router, which connects to you. Blocking the port number was unnecessary, as you can't do anything with a port number. (everyone uses them) It's not really important that you note the port number, especially since you don't know much about it. It's really only useful if you are using a program that gets flagged as malicious when it really isn't. For example, if I had a less common FTP program that I used to transfer backups from a remote server to my PC, and I received an alert from MBAM saying "ftprogram.exe" was detected using port: 21 (default FTP port), I'd know that it was actually the program I was using and not a virus. You didn't have to block the IP either, the IP it's showing is the IP MBAM blocked connection to, not your own IP. In fact, showing the IP would have helped, I could have looked it up to see where it leads and/or if it's a known malicious IP.

Also, Malwarebytes blocks by the process, not the program. You should have asked "Why is my anti-virus blocking this process?" and not "Is Skype a virus?" because you don't know for sure if it's Skype. I could, for example, write up a quick script right now that's named "chrome.exe" that makes your computer reboot. Did I actually make Chrome run? No, I made a virus with the name "chrome.exe" run. You should always pay attention to the process name and location. If you are skeptical, take a peek at Task Manager and look for any duplicate process names. If anything seems out of the ordinary, open the file location and see where it's saved. If "chrome.exe" is located in "App Data \ Roaming" and not "Program Files (x86) \ Google \ Chrome \ Application" then you know something is wrong.

Then of course there are complex things like extension spoofing / file encryption / binding etc but there is a slim chance you'd run into that. Usually these are used by individuals who infect others for malicious gain, it's not something you'd run into if lil bro clicked on an advertisement from free games.
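
The name-versus-location check described in the post above, as an added example that is not part of the original thread. The allowlist, the Skype install path, the list of user-writable folders and the process snapshot are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Assumed allowlist: process name -> folders the vendor installs it to.
# The Chrome path is the one named in the post; the Skype path is an assumption.
EXPECTED_DIRS = {
    "chrome.exe": [r"C:\Program Files (x86)\Google\Chrome\Application"],
    "skype.exe": [r"C:\Program Files (x86)\Skype\Phone"],
}
# Folder fragments any unprivileged program can write to (assumed list, lowercase).
USER_WRITABLE = (r"\appdata\roaming", r"\appdata\local\temp", r"\downloads")

def _norm(path):
    # Windows paths are case-insensitive; also unify separators and "..".
    return ntpath.normcase(ntpath.normpath(path))

def review_processes(snapshot):
    """Map pid -> (name, reasons) for processes whose name and location disagree."""
    seen = defaultdict(set)  # name -> every folder that name runs from
    rows = []
    for pid, image_path in snapshot:
        full = _norm(image_path)
        name, folder = ntpath.basename(full), ntpath.dirname(full)
        seen[name].add(folder)
        rows.append((pid, name, folder))
    findings = {}
    for pid, name, folder in rows:
        expected = {_norm(d) for d in EXPECTED_DIRS.get(name, [])}
        reasons = []
        if expected and folder not in expected:
            reasons.append("known name outside its install folder")
        if any(fragment in folder for fragment in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        if len(seen[name]) > 1 and folder not in expected:
            reasons.append("same name also runs from another folder")
        if reasons:
            findings[pid] = (name, reasons)
    return findings

# Constructed snapshot of (pid, executable path) pairs, not real telemetry.
SAMPLE = [
    (4120, r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
    (4388, r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
    (5012, r"C:\Users\pin\AppData\Roaming\Chrome.exe"),
    (2216, r"C:\Program Files (x86)\Skype\Phone\Skype.exe"),
    (6120, r"C:\Users\pin\AppData\Local\Temp\updater.exe"),
]

if __name__ == "__main__":
    for pid, (name, reasons) in sorted(review_processes(SAMPLE).items()):
        print(pid, name, "; ".join(reasons))
```

A flag here is a prompt to open the file location and check the publisher's signature, not a verdict. On a live Windows machine the pairs can come from `Get-CimInstance Win32_Process` (`ProcessId`, `ExecutablePath`).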
#7. Posted:
Pin
  • TTG Senior
Status: Offline
Joined: Aug 08, 2011 (12 Year Member)
Posts: 1,298
Reputation Power: 71
Thanks, this was really useful. I did download the web player from Unity's official website so it should hopefully be a false positive.

The same Skype alert from Malwarebytes appeared again but unfortunately I closed it and ignored it. If it appears again I'll take note of the IP address. How would you look up if it's malicious?
#8. Posted:
Boxty
  • TTG Undisputed
Status: Offline
Joined: Jun 11, 2010 (13 Year Member)
Posts: 5,622
Reputation Power: 346
It's called a false positive when AV software detects legitimate software as malicious. It usually occurs when you use multiple AV softwares at the same time. Uninstall one of your AV softwares and see if that solves the issue you are having.