So... is my Virtualbox VM infected or something?

Discussion in 'other anti-virus software' started by Fox Mulder, Mar 23, 2013.

Thread Status:
Not open for further replies.
  1. Fox Mulder

    Fox Mulder Registered Member

    Joined: Jun 2, 2011
    Posts: 204
    Hey everyone.

    I have a Virtualbox VM that runs Windows XP. It's connected to the internet, but it has Comodo Firewall installed and I only run programs I put onto it.

    I left it on overnight and woke up to see that it crashed. Okay, whatever. Odd.

    So I started it back up again, and ran a virus scan on the host machine.

    To my surprise, I saw this: http://i.imgur.com/MbVl0ph.png

    That's basically a buttload of trojans in virtualbox.exe's memory.

    I did another scan with the VM closed, but with the VirtualBox launcher open, and no results were found in virtualbox.exe. For some reason, the FakeVimes-B is still discovered in cmdagent.exe memory. That's a COMODO process.

    So, is my guest infected or what?
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined: Jan 3, 2009
    Posts: 5,918
    ask avast support!?
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined: Feb 7, 2008
    Posts: 1,439
    Avast! just came out with a new heuristic detection module. Maybe the new module is flagging these files; as it's so brand new, maybe all the kinks have not been figured out yet. Contact Avast! support.
     
  4. vlk

    vlk AV Expert

    Joined: Dec 26, 2002
    Posts: 621
    You have set up the avast scan to scan memory of all running processes, and that is a practice often prone to false positives. In this specific case, it is obviously detecting some virus signatures of an AV (Comodo?) running in the VM.

    In other words, the AV running in the VM is obviously not encrypting (or disguising in any other way) the virus signatures in memory - not very good practice exactly for this reason. On the flip side, I don't think there's any reason to worry that there's an infection.

    Thanks
    Vlk
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined: Feb 7, 2008
    Posts: 1,439
    I would not be surprised knowing Comodo :)
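
The false positive vlk describes in post 4, as an added example that is not part of the thread: a host-side memory scan of the hypervisor process matches the guest AV's own signature database when it sits verbatim in guest RAM, and stops matching once the patterns are stored masked. All signature names, byte patterns, the record layout and the XOR key are constructed for illustration and do not reflect any vendor's format.

```python
# Added illustration: all names and byte patterns are constructed, not real detections.
SIGNATURES = {
    "Constructed.Trojan.A": bytes.fromhex("deadbeef4fa3c2107e5599"),
    "Constructed.FakeAV.B": b"\x90\x13FAKE-SCANNER-STUB\x00\x7f",
    "Constructed.Worm.C": bytes.fromhex("0badf00dcafe1234567890ab"),
}
KEY = bytes(range(1, 17))  # fixed masking key so the demo is reproducible

def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def build_db(signatures: dict, key: bytes = b"") -> bytes:
    """Serialise a signature DB as it would sit in the guest AV's memory.
    Record: 1-byte name length, name, 2-byte pattern length, pattern.
    With a key, patterns are stored XOR-masked instead of verbatim."""
    out = bytearray()
    for name, pat in signatures.items():
        stored = xor(pat, key) if key else pat
        out += bytes([len(name)]) + name.encode() + len(stored).to_bytes(2, "little") + stored
    return bytes(out)

def scan_memory(region: bytes, signatures: dict = SIGNATURES) -> list:
    """Host-side scan of a process's memory: flag any pattern found anywhere."""
    return sorted(n for n, p in signatures.items() if p in region)

def guest_scan(db: bytes, sample: bytes, key: bytes = b"") -> list:
    """Guest AV matching a file against its DB, unmasking one record at a time."""
    hits, pos = [], 0
    while pos < len(db):
        nlen = db[pos]
        name = db[pos + 1:pos + 1 + nlen].decode()
        pos += 1 + nlen
        plen = int.from_bytes(db[pos:pos + 2], "little")
        stored = db[pos + 2:pos + 2 + plen]
        pos += 2 + plen
        if (xor(stored, key) if key else stored) in sample:
            hits.append(name)
    return hits

def vm_process_memory(guest_db: bytes) -> bytes:
    """Constructed stand-in for the hypervisor process: guest RAM lives inside it."""
    return b"\x00" * 64 + guest_db + b"\x00" * 64

if __name__ == "__main__":
    plain, masked = build_db(SIGNATURES), build_db(SIGNATURES, KEY)
    print("host scan, plain DB :", scan_memory(vm_process_memory(plain)))
    print("host scan, masked DB:", scan_memory(vm_process_memory(masked)))
    sample = b"MZ" + SIGNATURES["Constructed.Worm.C"] + b"tail"  # constructed sample
    print("guest scan, masked DB:", guest_scan(masked, sample, KEY))
```

The guest scanner's detection result is the same with either database; only the host's whole-memory scan changes, which is why a hit inside the hypervisor process alone does not indicate an infected guest.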
     