
Avira constantly blocks something trying to access my registry


28 replies to this topic

#1 IHateAbnormalities

IHateAbnormalities

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 07 June 2017 - 06:16 PM

After I attempted a Java update for the first time in a long while, nothing happened. Avira then blocked a suspicious attempt to access my registry not long after that. After I tried to update Java again, Avira started doing the same thing as the update was ongoing and was completed. It was getting scary seeing Avira block something trying to access the registry continuously for 30 minutes at a time. Given Avira's well-regarded reputation as being great at detecting malware, I suspected that something had backed itself up in my System Volume Information folder, which Avira can't scan, so I disabled System Restore. Avira stopped trying to block suspicious attempts to access my registry after that, but I want to make sure that I'm safe and would like a second or even third look from other people. I've done a Full System Scan with Avira, and it detected nothing. What should I do?


Edited by IHateAbnormalities, 07 June 2017 - 06:25 PM.



#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:37 AM

Posted 07 June 2017 - 06:32 PM

What did the Avira logs say was being blocked?

What do you have selected in the Avira Threat Categories list?


Edited by jwoods301, 07 June 2017 - 06:38 PM.


#3 IHateAbnormalities

Posted 07 June 2017 - 06:39 PM

It just had an alert saying that a suspicious attempt to access my registry had been blocked. I don't see any logs about this.



#4 jwoods301

Posted 07 June 2017 - 06:46 PM

Download and run the free version of Malwarebytes.

https://www.malwarebytes.com/premium/

Select Custom Scan, check all options.



#5 IHateAbnormalities

Posted 07 June 2017 - 10:56 PM

Malwarebytes didn't pick up anything either. Maybe I've just been spooked, but I'm afraid of enabling System Restore again.



#6 jwoods301

Posted 07 June 2017 - 10:58 PM

You should have System Restore enabled.

You didn't report back what the settings were for the Avira Threat Categories list, but the defaults should be fine.


Edited by jwoods301, 07 June 2017 - 10:59 PM.


#7 IHateAbnormalities

Posted 08 June 2017 - 03:14 PM

Okay, I'll enable System Restore. Do you want me to do a second scan with Malwarebytes? Never mind, I'll do it again just to be safe.

IIRC, I checked everything under the Avira Threat Categories list. I can't check now because I forgot the password I set up for Avira's configuration.



#8 jwoods301

Posted 08 June 2017 - 03:59 PM

I suspect if the Applications Threat Category was checked, it did not like what the Java installer was doing.

Is there a reason you need Java installed on your computer?

It is a big malware magnet.



#9 IHateAbnormalities

Posted 08 June 2017 - 04:36 PM

There is no need for me to have Java installed. I'll remove it if you think it'd be better to get rid of it.



#10 IHateAbnormalities

Posted 08 June 2017 - 06:36 PM

Okay, Malwarebytes again picked up nothing, and I uninstalled Java. I'm still feeling insecure because of what Avira had been doing, though.



#11 jwoods301

Posted 08 June 2017 - 06:40 PM

> Okay, Malwarebytes again picked up nothing, and I uninstalled Java. I'm still feeling insecure because of what Avira had been doing, though.

Check the Threat Categories...you may have them all selected.

Read the Avira Help and see what each one of them looks for.

If you were seeing this on a frequent basis, there would be reason for concern.

Otherwise, you should be doing frequent full disk image backups and keeping a copy stored offline somewhere in case "anything" (malware, ransomware, disk failure, etc.) happens.



#12 IHateAbnormalities

Posted 09 June 2017 - 07:47 PM

As I said, I set a password for Avira's configuration and forgot what it was. Therefore, I can't check the settings, but I do believe I checked off every threat category.

I guess I should try to do full disk image backups as you said.



#13 jwoods301

Posted 09 June 2017 - 07:55 PM

> As I said, I set a password for Avira's configuration and forgot what it was. Therefore, I can't check the settings, but I do believe I checked off every threat category.
>
> I guess I should try to do full disk image backups as you said.

https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/958



#14 IHateAbnormalities

Posted 20 June 2017 - 06:22 PM

That link doesn't help. I came across this: https://answers.avira.com/en/question/i-forgot-the-password-for-avira-product-configuration-what-can-i-do-9292?sh=true

No one gave an appropriate answer.

I also downloaded a software firewall, PrivateFirewall 7.0, and it said that svchost.exe tried to connect to the internet today. Is it normal for the hosts file to attempt to connect to the internet?


Edited by IHateAbnormalities, 20 June 2017 - 06:22 PM.


#15 jwoods301

Posted 20 June 2017 - 06:31 PM

There can be multiple instances of svchost.exe running on your system, and each instance of svchost can have several processes running inside.

Download and run Process Explorer from Sysinternals to get a better picture...

https://technet.microsoft.com/en-us/sysinternals/bb896653

Simply hover your mouse over each process to get more detail.

The nice thing about Process Explorer is that it checks the running processes against VirusTotal, and shows if there is anything suspicious.

In Process Explorer, click Options, click VirusTotal.com, click Check VirusTotal.com.

It is normal for certain legitimate processes to connect.

Sounds like you should uninstall and re-install Avira so you can access your settings, if you're still concerned.


Edited by jwoods301, 20 June 2017 - 06:36 PM.
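
A command-line counterpart to the Process Explorer check in post #15, added here as an example and not part of the original posts: it lists, for each running svchost.exe instance, the Windows services hosted inside it and any established TCP connections it owns, so a firewall prompt for svchost.exe can be tied to a specific service. It assumes Windows 8 or later (for `Get-NetTCPConnection`) and an elevated PowerShell session; the path check against System32/SysWOW64 is an extra sanity check added for this example.

```powershell
# Added example: read-only inventory of svchost.exe instances.
# Run from an elevated PowerShell prompt; without elevation, ExecutablePath
# may be empty for some processes and PathOK will show False.

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString
if (-not $servicesByPid) { $servicesByPid = @{} }

# Index established TCP connections by owning PID.
$connsByPid = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess -AsHashTable -AsString
if (-not $connsByPid) { $connsByPid = @{} }

# The genuine binary lives in System32 (or SysWOW64 for 32-bit hosts).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $key = [string]$_.ProcessId

        # Remote endpoints this instance is currently connected to, de-duplicated.
        $remotes = $connsByPid[$key] |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique

        [pscustomobject]@{
            PID      = $_.ProcessId
            PathOK   = $expectedPaths -contains $_.ExecutablePath
            Services = ($servicesByPid[$key].Name -join ', ')
            Remote   = ($remotes -join ', ')
        }
    }

# Instances with network activity first, then by PID.
$report |
    Sort-Object @{ Expression = { [bool]$_.Remote }; Descending = $true }, PID |
    Format-Table -AutoSize -Wrap
```

A row with `PathOK` False in an elevated session, or with an empty `Services` column alongside remote connections, is the one to look at more closely in Process Explorer.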




