Results 1 to 7 of 7
  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Avast & ShadowProtect

    I awoke this morning to find an Avast warning on my screen that a trojan had been found in ShadowProtectSvc.Exe. Checking to see if my two overnight incremental backups had run and they obviously had not. I booted my system to the SP boot CD and went to my backups on the USB drives for a copy of that file. I went back two weeks, just to be on the safe side. Avast still complains when I reboot the machine and try to right-click on ShadowProtectSvc.Exe. So, I temporarily stopped Avast and did a repair install of SP from the Version 3.2 file. Upon restarting, Avast still warns me about the file. Since I've been running version 3.2 for about a month, I'd have to assume that this is either a NEW trojan or that Avast is yelling a false alarm.

    Does anyone know anything about Win32:CRYPT-BLE ? I'm going Googling now, but I thought I'd throw up a flag here first.

    Edited to add: I forgot to say that I downloaded the Avast cleaner program and it did NOT complain about any files as it went through my drive. I did stop it however after it got well past the Program Files folder.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Avast & ShadowProtect

    My guess would be that it is a false positive. The Win32:Crypt Trojan is quite old (2004) so it seems very unlikely that it would be able to infect a well-protected PC such as yours.
    It's probably a little error in a recent update of Avast's virus definitions, and if so it will no doubt be repaired soon. Keep an eye out though...

  3. #3
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Avast & ShadowProtect

    That's what I'm hoping, false positive that is. Since I let Avast delete the file and then tried again a ShadowProtect repair install and immediately upon hitting that file, Avast start screaming again. Considering how long I've been running SP 3.2 it would have to be a new infestation or a false alarm.

    To Rebel, if you're watching: would you mind asking YOUR AV program to scan that one file, please?

  4. #4
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Avast & ShadowProtect

    Just scanned the file with Norton Al and no flags were raised. According to a post on the SP forums, F-Secure Client Security 7.11 is also complaining about the ShadowProtectSvc.Exe file.
    edited to add: Googling reveals that other security products are also targeting the SP file. Hopefully this gets straightened out very soon.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Avast & ShadowProtect

    Thanks for the "restful" response, John. I had to leave for "work" and didn't have time to do any more with it this morning. Just now when I came in I ran a manual update on Avast and there is a new database dated today and it seems to fix the problem. Having deleted the "bad" file this morning, just in case, I did another repair install of SP just now and scanned the file with the updated Avast without incident. Unfortunately I missed my two incrementals last night but I think I'll make it.

    For the benefit of any Avast users who may read this, the database this morning was 080511-0 dated May 11, 2008. It has been updated to 080512-0 dated May 12, 2008. And for the record, this is the FIRST time I've had a problem with Avast in almost two years so it is not an "indictment" of the product. I think I'll pay a visit to their site to see if there's any mention of this.

    Now, back to my Vista self-tutorials...

  6. #6
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Avast & ShadowProtect

    There were posts not only on the SP forum but Avast as well, so I guess I just got up on the wrong side of the bed this morning! <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    Our inimitable Nate said something about checking the digital signature of the file (see attached) but unfortunately when Avast had it flagged as bad, I couldn't get to the properties tab of the file to do that.

    The repair install I had to do blew away my two scheduled jobs, but I just ran a couple more full images and scheduled the incrementals for overnight for the rest of the week - takes only 30-45 minutes, right?
    Attached Images Attached Images

  7. #7
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Avast & ShadowProtect

    I guess there were several AV's that registered the false positive. As Nate indicated, many of the AV companies share virus signatures and that's why these all appeared today. Everything should be cleared up shortly.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •