So... is my Virtualbox VM infected or something?

Discussion in 'other anti-virus software' started by Fox Mulder, Mar 23, 2013.

Thread Status:
Not open for further replies.
  1. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Hey everyone.

    I have a Virtualbox VM that runs Windows XP. It's connected to the internet, but it has Comodo Firewall installed and I only run programs I put onto it.

    I left it on overnight and woke up to see that it crashed. Okay, whatever. Odd.

    So I started it back up again, and ran a virus scan on the host machine.

    To my surprise, I saw this: http://i.imgur.com/MbVl0ph.png

    That's basically a buttload of trojans in virtualbox.exe's memory.

    I did another scan with the VM closed, but with the VirtualBox launcher open, and no results were found in virtualbox.exe. For some reason, the FakeVimes-B is still discovered in cmdagent.exe memory. That's a COMODO process.

    So, is my guest infected or what?
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    ask avast support!?
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Avast! just came out with a new heuristic detection module. Maybe the new module is flagging these files, as its so brand new maybe all the kinks have not been figured out yet. Contact Avast! support.
     
  4. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    You have set up the avast scan to scan memory of all running processes, and that is a practice often prone to false positives. In this specific case, it is obviously detecting some virus signatures of an AV (Comodo?) running in the VM.

    In other words, the AV running in the VM is obviously not encrypting (or disguising in any other way) the virus signatures in memory - not very good practice exactly for this reason. On the flip side, I don't think there's any reason to worry that there's an infection.

    Thanks
    Vlk
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I would not be surprised knowing Comodo :)
     
Loading...
Similar Threads
  1. jjc225
    Replies:
    2
    Views:
    393
Thread Status:
Not open for further replies.