Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hoax.sms


  • Please log in to reply
8 replies to this topic

#1 Raain

Raain

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:49 AM

Posted 26 May 2013 - 12:47 AM

Hello,

during my latest malwarebytes scan the program picked up a malicious file called 'Hoax.SMS'

i have tried removing the file via malwarebytes but it keeps popping up in scans after my computer reboots.

 

i am running kaspersky internet security (2012) and malwarebytes

also the file path of the malicious file is

C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav12\12.0.0374\avzkrnl.dll

 

is this a false-positive?



BC AdBot (Login to Remove)

 


#2 Torchwood

Torchwood

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hampshire UK
  • Local time:05:49 PM

Posted 26 May 2013 - 08:34 AM

Hi Raain,

is this from the anti-rootkit beta.

Ive just picked it up to on my AV, ASCU, too

 

Roy.



#3 Knot2Brite

Knot2Brite

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:49 PM

Posted 26 May 2013 - 01:55 PM

Hello,

 

Like you I now have this hoax.sms on my, faithful old, windows XP running office 2003. Everything is updated with the latest from Microsoft as are all of my programs.

 

Today when I attempted to use my legally registered program that reads PDF to voice I got an error message from Malwarebytes Pro also legally registered that this beast was here. I do not have a cell phone for texting.

 

My Microsoft security essentials did not alert but Malwarebytes did when I was trying to load my Text Aloud Software. I am currently running a scan on the folder where my downloads have been stored.

 

If anyone finds a clue as to where this dang thing is hiding I hope they will share the information.

 

K2B



#4 Knot2Brite

Knot2Brite

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:49 PM

Posted 26 May 2013 - 04:11 PM

Hello again,

 

At my level of ignorance, extreme caution is important in following my reasoning.

 

I downloaded and ran avast and then ran a couple of scans using Microsoft security essentials. I use JV 16 to scan the registry and did a contents of file as well as filename search for a hoax.SMS. Nothing!

 

I then turned Malwarebytes OFF and proceeded to update my software. None of the shields with avast sounded off with an error message. So I have reached the conclusion that this may be an error with the Malwarebytes software. Now if Torchwood doesn't have MB all bets are off.

 

K2B



#5 Torchwood

Torchwood

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hampshire UK
  • Local time:05:49 PM

Posted 26 May 2013 - 06:43 PM

Hi K2B,

AS i stated in my 1st post this possible FP only appeared in the MB >>> antirootkit beta <<<.

on saturday i had run my weekly checks

Windows defender/ASCU(myAV)/Iobit malware fighter,  AND the standard on demand MB, all came back clean

 

Raains and my FP's will more than likely reoccur as they are both from continually updating AV's not sure about yours K2B

 

Roy


Edited by Torchwood, 26 May 2013 - 07:08 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:49 PM

Posted 26 May 2013 - 10:10 PM

Hello, to get a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

Edited by boopme, 09 January 2014 - 08:57 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Raain

Raain
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:49 AM

Posted 27 May 2013 - 01:11 AM

Hello, i have updated my malwarebytes again and re-scanned my computer and it came back clean, also my kaspersky scan was also clean.

 

so it might have been a false-positive



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:49 PM

Posted 27 May 2013 - 07:59 PM

avzkrnl.dll . This files most often belongs to product Kaspersky Anti-Virus. and were most often developed by company Kaspersky Lab. This files most often have description AVZ Kernel. This file is Dynamic-link Library. This library can be loaded and executed in any running process.                            


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Torchwood

Torchwood

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hampshire UK
  • Local time:05:49 PM

Posted 01 June 2013 - 12:14 PM

Hi Raain ,

and others viewing, update MBAM ARK to re ran and came back clean.

Thanks to the watchers at Malwarebytes.

 

Roy :guitar:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users