Avast found a virus (or something else malicious) in Catalyst Control Center?

Xexoxix · Jun 9, 2014

Hi, so when I turned on my PC today I saw this message:

I cannot find any way to trace the filepath, and I also ran an OTL scan (if that means anything), which you can find here.

https://www.dropbox.com/s/djwgvgrjvzo06f5/OTL.Txt

Anyway, it says no further action is required, but is there anything to worry about? Are there more threats to come? Thanks for any help.

rgd1101 · Jun 9, 2014

don't look good. did it got a update just before the scan?
https://forum.avast.com/

AVAST forum offline due to attack

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,
Ondrej Vlcek
COO AVAST Software

Dark Lord of Tech · Jun 9, 2014

http://malwaretips.com/blogs/win32evo-gen-susp-virus/

Dark Lord of Tech · Jun 9, 2014

Run

Hitman Pro.

http://www.surfright.nl/en/hitmanpro

Xexoxix · Jun 9, 2014

rgd1101 :

don't look good. did it got a update just before the scan?
https://forum.avast.com/

AVAST forum offline due to attack

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,
Ondrej Vlcek
COO AVAST Software

I never made an account on the forum. I also don't think it updated... I will run Hitman Pro like blackbird says, see what shows up.

Xexoxix · Jun 9, 2014

rgd1101 :

don't look good. did it got a update just before the scan?
https://forum.avast.com/

AVAST forum offline due to attack

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,
Ondrej Vlcek
COO AVAST Software

I never made an account on the forum. I also don't think it updated... I will run Hitman Pro like blackbird says, see what shows up.

Tom Tancredi · Jun 9, 2014

CCC.exe from what I remember was Catalyst Control Center, the software to run your ATI/AMD Video Drivers. Did you recently update it? If so, this is probably a false positive (been a while for Avast to do that), that it didn't know what that version of CCC was and quarantined it (locked it away not in the normal filepath is why you couldn't 'find it' when you browsed, to prevent it from causing damage). Have you checked Avast! for software updates (Open Avast, Click Settings, Update then click UPDATE next to PROGRAM)?

Xexoxix · Jun 9, 2014

Thanks for the suggestion. I ran hitman pro and it found some toolbars and "malware" which was dogecoin mining software. That was it.

Dark Lord of Tech · Jun 9, 2014

YOU SHOULD BE CLEAR IT'S REAL THOROUGH.

Xexoxix · Jun 9, 2014

What should be thorough? Hitman?

Dark Lord of Tech · Jun 9, 2014

It finds and gets rid of almost anything out there.
Great tool.

Xexoxix · Jun 9, 2014

It did a very thorough job. Thank you for recommending it. It doesn't seem like there was really anything besides ask toolbars which I SWEAR I SAID NOT TO INSTALL. However, when I restarted my PC it had a little Hitman thing popup before the "welcome" screen. Is this recurring?

Dark Lord of Tech · Jun 9, 2014

I just uninstall it when I'm done using it.

Xexoxix · Jun 9, 2014

Yeah, I just did the "one time" run.

Dark Lord of Tech · Jun 9, 2014

That's sufficient.

Xexoxix · Jun 9, 2014

Thanks for all your help.

Dark Lord of Tech · Jun 9, 2014

No problem.

Tom Tancredi · Jun 9, 2014

Xexoxix :

That is called 'BUNDLED" software. You install one thing (Java update for example) and it installs additional stuff with it. Just slow down when installing / updating things and don't "CLICK CLICK CLICK CLICK CLICK through all the prompts" slow down and READ them. You will then get used to what to 'look for' to avoid such things being installed in the future.

Dark Lord of Tech · Jun 9, 2014

Not all software is honest about listing these add-ons unfortunately.

Avast found a virus (or something else malicious) in Catalyst Control Center?

Distinguished

Don't

Retired Moderator

Retired Moderator

Distinguished

Distinguished

Judicious

Distinguished

Retired Moderator

Distinguished

Retired Moderator

Distinguished

Retired Moderator

Distinguished

Retired Moderator

Distinguished

Retired Moderator

Judicious

Retired Moderator

Share this page