MarkAW Posted December 21, 2012

After this morning's Def update two of my systems that have SAS started flagging Avast as a trojan. So I ran scans on all of my systems and all that have SAS installed on them are flagging my Avast antivirus as the above trojan agents.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 12/21/2012 at 10:39 AM

Application Version : 5.6.1014

Core Rules Database Version : 9775
Trace Rules Database Version: 7587

Scan type : Complete Scan
Total Scan Time : 00:27:36

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 666
Memory threats detected : 3
Registry items scanned : 37323
Registry threats detected : 12
File items scanned : 36014
File threats detected : 9

Trojan.Agent/Gen-Siggen
HKLM\System\ControlSet001\Services\ASWFSBLK
C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ASWFSBLK
HKLM\System\ControlSet002\Services\ASWFSBLK
HKLM\System\ControlSet002\Enum\Root\LEGACY_ASWFSBLK
HKLM\System\CurrentControlSet\Services\ASWFSBLK
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ASWFSBLK
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWIDLE.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWIDLE.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SETUP\INF\ASWFSBLK.SYS

Trojan.Agent/Gen-Agent
HKLM\System\ControlSet001\Services\AVAST! ANTIVIRUS
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_AVAST! ANTIVIRUS
HKLM\System\ControlSet002\Services\AVAST! ANTIVIRUS
HKLM\System\ControlSet002\Enum\Root\LEGACY_AVAST! ANTIVIRUS
HKLM\System\CurrentControlSet\Services\AVAST! ANTIVIRUS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_AVAST! ANTIVIRUS
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SCREENHOOKS32.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SETUP\INF\ASWRDR.SYS

Trojan.Agent/Gen-Agentsmall
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AHRESJS.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AHRESJS.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWRUNDLL.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\DEFS\12122100\FWAUX.DLL

frits73 Posted December 21, 2012

This is happening to me also. I do use Avast. Hope SAS answers this topic right away.

Samantha83 Posted December 21, 2012

Same thing is happening on my computer, only Avast! has been disabled (after I restarted via the SAS scan results).

webrooster Posted December 21, 2012

Same thing has happened to me, I also use Avast. Currently running a scan, and 4 different trojans detected, all related to Avast software. I foresee problems if I allow all this to be quarantined. This needs a quick response from SAS.

cpbunch Posted December 21, 2012

Same thing here as well. I cancelled the scan and will await response before doing anything else.

SouthernKittyComputing Posted December 21, 2012

I have a lot of customers that are having this issue, and I have to stand behind it without pay because I recommend SAS and Avast. I can't have 2 programs I recommend disabling each other.

captainron276 Posted December 21, 2012

Having the same problem. I uninstalled Avast for now and installed MSE. I also had problems with false positives with Chrome so I have turned SAS off until they get this fixed.

MarkAW Posted December 21, 2012

Since posting this I have run scans on my systems with Malwarebytes Anti-Malware 1.70.0.1100 and HitmanPro 3.7.0 build 185 and neither program found anything.

HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . :
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . :
UAC . . . . . . . . . : Enabled
License . . . . . . . :

Scan date . . . . . . : 2012-12-21 12:45:20
Scan mode . . . . . . : EWS
Scan duration . . . . : 3m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 0

Objects scanned . . . : 797,827
Files scanned . . . . : 8,773
Remnants scanned . . : 224,231 files / 564,823 keys

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.21.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16439
[administrator]

Protection: Enabled

21/12/2012 12:45:59 PM
mbam-log-2012-12-21 (12-45-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 199517
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

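Added example (not part of any post in this thread, and not SUPERAntiSpyware or Avast code): a triage of the two posts above, parsing the SAS detection list and combining it with the second-opinion threat counts before anything is quarantined. The function names, the abridged log excerpt, and the 80% clustering threshold are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Detection section of the SUPERAntiSpyware log from the first post (abridged).
SAS_LOG = r"""
Trojan.Agent/Gen-Siggen
HKLM\System\CurrentControlSet\Services\ASWFSBLK
C:\WINDOWS\SYSTEM32\DRIVERS\ASWFSBLK.SYS
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWIDLE.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SETUP\INF\ASWFSBLK.SYS
Trojan.Agent/Gen-Agent
HKLM\System\CurrentControlSet\Services\AVAST! ANTIVIRUS
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SCREENHOOKS32.DLL
Trojan.Agent/Gen-Agentsmall
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AHRESJS.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\DEFS\12122100\FWAUX.DLL
"""

FAMILY = re.compile(r"^\w+\.\w+/[\w-]+$")  # e.g. Trojan.Agent/Gen-Siggen

def parse_detections(log):
    """Group the registry keys and file paths listed under each family name."""
    hits, family = defaultdict(lambda: {"registry": [], "files": []}), None
    for line in filter(None, map(str.strip, log.splitlines())):
        if FAMILY.match(line):
            family = line
        elif family and line.upper().startswith("HK"):
            hits[family]["registry"].append(line)
        elif family and re.match(r"[A-Za-z]:\\", line):
            hits[family]["files"].append(line)
    return dict(hits)

def vendor_cluster(hits):
    """Most common drive/dir/vendor prefix among flagged files, with its share."""
    files = {f.upper() for d in hits.values() for f in d["files"]}
    roots = Counter("\\".join(f.split("\\")[:3]) for f in files)
    root, n = roots.most_common(1)[0]
    return root, n / len(files)

def triage(hits, second_opinions, min_share=0.8):
    """Assumed heuristic: one product flagged, other scanners clean -> hold."""
    root, share = vendor_cluster(hits)
    if share >= min_share and all(n == 0 for n in second_opinions.values()):
        return f"hold: suspected false positive on {root}"
    return "investigate: treat detections as live"

# Threat counts taken from the HitmanPro and Malwarebytes logs in the post above.
print(triage(parse_detections(SAS_LOG), {"HitmanPro": 0, "Malwarebytes": 0}))
```
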
captainron276 Posted December 21, 2012

We have had two updates in the last hour. I think they have it fixed.

"Database Version 9777 - 12-21-2012
Trojan.Agent/Gen 1 Items Added/Updated
Trojan.Agent/Gen-Dropper 2 Items Added/Updated
Trojan.Agent/Gen-FakeAlert 1 Items Added/Updated
Trojan.Agent/Gen-FakeAV 1 Items Added/Updated
Trojan.Agent/Gen-Frauder 1 Items Added/Updated

Database Version 9776 - 12-21-2012
Trojan.Agent/Gen-FakeAV 1 Items Added/Updated
Trojan.Agent/Gen-Inject 1 Items Added/Updated
Trojan.Agent/Gen-KillAV 1 Items Added/Updated
Trojan.Agent/Gen-Klez 1 Items Added/Updated
Trojan.Agent/Gen-Rimecud 1 Items Added/Updated
Trojan.Agent/Gen-Spy 1 Items Added/Updated
Trojan.Agent/Gen-Tepfer 1 Items Added/Updated"

cpbunch Posted December 21, 2012

Thank you! I downloaded/applied the updates and that seemed to have fixed the popups about Avast.

MarkAW Posted December 21, 2012

Yup just downloaded and installed the second update and it seems to have worked. Thanks

Nikilet Posted December 21, 2012

I too am having problems, but mine seem a little more complicated than what I've read below. I have been using the free SUPERAntiSpyware for quite a long time and finally purchased it. If this isn't fixed, I want my money back.

On my main desktop, after I scanned and then quarantined/removed these Trojan infections, I rebooted and that action completely disabled Avast. I had to go through the whole process of uninstalling and reinstalling, and then everything was fine, until I opened SAS, when I got the warning window all over again. I just disabled it.

I have an older Gateway laptop on which I also have SAS and Avast. When I scanned I got the same 16 Trojan infections found on my desktop. After quarantining then I did NOT reboot. Avast continued to work; I did a scan with it. When I rescanned with SAS it showed that nothing was found.

However, back to my desktop, where the problem doesn't seem to be going away. It seems to have gotten rid of the problem on my little laptop, but not on my desktop. I just opened SAS again and clicked to scan. It is finding the problems all over again and I've got the warning again.

I can't seem to attach a file here. Every time I try it says: Error The server returned an error during upload.

Update: I downloaded and installed the updates mentioned above, but so far SAS is still finding 3 of these Trojans.

Update: I ran SAS yet again and this time it came out clear. Now I just hope when I have to restart it doesn't disable my Avast again.

Boa999 Posted December 21, 2012

1:25 PM Just did a manual update but still is detecting ASWFSBLK.sys as a Trojan

humblejerome Posted December 21, 2012

Trust the selected items and re-scan. You may have to re-install Avast if SAS has cleaned it already to replace missing files. You may not be able to trust items once they have been cleaned. Uninstall Avast, uninstall SAS. Re-install Avast first, then re-install SAS, run scan and then you can trust items.

geoff Posted December 21, 2012

Hi All,

We're still investigating what happened in the release procedure to cause this false positive issue. The offending definitions have been removed completely from the database. My sincerest apologies for the false alarm.

Thanks,
Geoff

Nikilet Posted December 21, 2012

I posted earlier. Thought everything was ok. Then I had to do a restart and after that Avast is again completely disabled. I'm running a scan with SAS right now. It did not find any of these avast-related Trojans so I don't know what's going on. I guess I will uninstall SAS, uninstall Avast again and then reinstall both and see what happens.

UPDATE: I just un- and reinstalled Avast for the second time today, and un- and reinstalled SAS. I did a scan with SAS and all was ok. Now I'm going to do a restart again and if I have to start this process for a third time I may have to say good-bye to SAS.

Peaty Posted December 21, 2012

Try this: right click on the SAS bug in the tray, select "View Blocked Spyware Applications" and see if SAS is still blocking Avast. Mine was and I selected it and said to unblock it.

jacobmartin355 Posted January 31, 2013 (edited)

Hi guyz, I am here also for saying something about Trojan.Agent/Gen-Siggen. I have been also infected by this trojan. It is very critical and also it is very difficult to remove from PC. But, I have a solution by which I have completely removed this trojan from my PC. I hope all of you can also remove this threat from your PC with this process.

The process is: You have to update your PC by regularly applying patches and fixes provided by Windows. You should have a powerful antivirus program installed and updated. You have to install a strong firewall program in your security system. By these tricks, you can get rid of these vicious threats completely.

Link removed - Moderator

Edited January 31, 2013 by GuiltySpark
shameless self prom