  • "Sloppy Chicken" started this thread

Date of registration:
May 11th 2010

1

Thursday, August 29th 2013, 4:00pm

Exp/FLASH.Straconn.Gen (Exploit) Malware Detected By Avira. False Positive?

Hi,
Can anyone please inform me what the following malware is which my free Avira Antivirus detected whilst I was just browsing online. When I came offline I deleted it completely from my Avira quarantine where it had been placed.

The malware is listed as: Exp/FLASH.Straconn.Gen (Exploit). 54e2dac0.qua.

Can someone please tell me what exactly it was, what does it do and how dangerous or not is it?

I had, by the way, just updated my free Avira to the latest version before going online and I'm just wondering if it was a false positive reading or was it a real detection?

Any help/information would be most grateful. Many thanks. :)

avon

Community member

Date of registration:
Apr 15th 2008

Version:
Avira Antivirus Suite

Operating System:
Windows 8.1U1 Pro 32-bit Windows XP Home SP3 32-bit

2

Thursday, August 29th 2013, 6:05pm

Virus: EXP/FLASH.Straconn.Gen, Full Description:
http://www.avira.com/en/support-threats-…d/8096/tlang/en

redwolfe_98

Community member

Date of registration:
Nov 14th 2006

Version:
Avira Antivirus Premium

Operating System:
Win XPsp3

3

Thursday, August 29th 2013, 8:08pm

sloppy_chicken, it is possible that it was a false-positive.. it also is possible that it wasn't a false-positive..

you didn't post any data from your avira-logs showing exactly what was flagged..

you deleted the file that was flagged, from the avira-program's "quarantine", so there is no way to check it, now, to see if it was a false-positive, or not..

i wouldn't worry about the file that was flagged.. if the detection was correct, it was something that was used to exploit vulnerabilities in "flash player".. if it had been able to exploit vulnerabilities in "flash player", then you would have something to worry about.. in other words, it would be other malicious files that were installed, if any, that would be the ones to worry about..

unless your computer is behaving strangely, indicating a malware-infection, or some other files are flagged by the avira program, or by some other anti-malware program, i would assume that the file was not able to exploit vulnerabilities in "flash player" and that no other malware was installed, and, so, there is nothing to worry about..

i don't know what the circumstances were when the file was flagged, which webpage you were on or what you were doing, like watching videos or clicking on ads, but, generally, it is a good idea to try to make your web-browser as secure as possible, in order to minimize the likelihood that something malicious will run while you are viewing webpages.. one way to do that is to use the "firefox" browser along with the "noscript" and "adblock plus" addons.. however, if you love clicking on ads, on webpages, you probably wouldn't want to use the "adblock plus" addon.. but, sometimes, clicking on ads on webpages can result in a malware-infection..

if you use "internet explorer", you could use high security-settings for all of the "zones" except for the "trusted sites" zone, and then add websites to the "trusted sites" zone as necessary.. if you are going to do that, adjust the settings for the "trusted sites zone", too, raising it to the medium-high security-level (or by using custom-settings)..

also, keep everything up-to-date in order to minimize the likelihood that there will be a vulnerability to exploit..

if you don't need "java", the best thing to do is to uninstall it.. if "java" is installed, keep it up-to-date..
win xpsp3, "windows firewall", avira 14 premium, SSM, RegDefend

  • "Sloppy Chicken" started this thread

4

Friday, August 30th 2013, 4:13pm

Hi,
Many thanks for the replies and your advice.

Since my last post I've run two full system scans on my Avira AntiVirus and they've come up clean. There have been no detections or warnings of any kind so it looks like things are OK.

The website which I was on when the detection flagged up was a well-established and renowned international news website which I use daily. I already have a pop up blocker that is set to high and I rarely - if ever - click on any advertisements that are displayed on a web page. My zone settings are set at Medium-High, which have always served me well in the past; and the rest of my security - including Avira - is updated on a daily/regular basis. So I'm hoping that this was just a false-positive.

As regards the Exp/FLASH.Straconn.Gen (Exploit) itself, is this more a 'low grade' risk malware or something higher?

Once again, thanks for your input. It's much appreciated.

redwolfe_98

5

Saturday, August 31st 2013, 12:40am

if exploit-kits are able to find a vulnerability to exploit, more malware would be installed.. if the exploit-kit is unable to find a vulnerability to exploit, you could say that it is a "low-grade risk" since it doesn't do anything when it can't find a vulnerability to exploit..

if more malware had been installed, i wouldn't consider that to be a "low-grade risk".. as to what malware would be installed, right now, it seems the most common malware is what is referred to as "zeroaccess" and involves "ransomware".. however, i wonder if there isn't more to it than that..

  • "Sloppy Chicken" started this thread

6

Thursday, September 5th 2013, 2:17pm

Hi, this detection has flagged up again after a gap of a few days. And once again after my Avira was updated to the latest version.

Here's the info I have:

File name: c:/Windows/Temp/000000-E51930AF
Quarantine Object: 56cbfdde.qua
Operating System: Windows XP/VISTA Workstation/Windows 7.
Virus Definition File: 7.11.100.212.
Virus: HTML/Malicious.Flash.Gen

Detection: Contains recognition pattern of the HTML/Malicious.Flash.Gen HTML script virus.
Note: The file was moved to the quarantine directory under the name '56cbfdde.qua'!


Strange that like before, I was online for quite a while before this flags up. And again on a website that I've always used. My security settings zones are on medium-high, a pop-up blocker is in place and all my security settings are up to date.

When I ran a full Avira scan the first time around (twice, in fact), it was totally clean.

I wonder if it is a false positive? Should I be concerned?

This post has been edited 1 times, last edit by "Sloppy Chicken" (Sep 5th 2013, 2:24pm)
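
Added example (not part of the original thread and not Avira tooling): a small Python helper that turns a detection record like the one quoted in post 6 into the facts needed to judge a possible false positive. It assumes the field labels shown in that post and treats a ".Gen" suffix as a generic, pattern-based detection; the function names are hypothetical.

```python
# Constructed sample: the labelled fields quoted in post 6 of this thread.
SAMPLE = """\
File name: c:/Windows/Temp/000000-E51930AF
Quarantine Object: 56cbfdde.qua
Virus Definition File: 7.11.100.212.
Virus: HTML/Malicious.Flash.Gen
Note: The file was moved to the quarantine directory under the name '56cbfdde.qua'!
"""

FIELDS = ("File name", "Quarantine Object", "Virus Definition File", "Virus", "Note")


def parse_detection(text):
    """Return the known labelled fields of one detection record as a dict."""
    record = {}
    for line in text.splitlines():
        # Split on the first colon only, so "c:/Windows/..." stays intact.
        label, sep, value = line.partition(":")
        if sep and label.strip() in FIELDS:
            record[label.strip()] = value.strip()
    return record


def triage(record):
    """Derive the facts a reviewer needs from a parsed record."""
    category, _, rest = record.get("Virus", "").partition("/")
    path = record.get("File name", "").replace("\\", "/").lower()
    return {
        "category": category.upper(),                  # EXP, HTML, ...
        "generic": rest.lower().endswith(".gen"),      # assumption: .Gen = generic pattern
        "temp_file": "/temp/" in path,                 # flagged file sat in a temp directory
        "sample_kept": bool(record.get("Quarantine Object")),
        "definitions": record.get("Virus Definition File", "").rstrip("."),
    }


def next_step(findings):
    """Suggest what to do with the quarantined object."""
    if findings["generic"] and not findings["sample_kept"]:
        return "sample deleted: a false positive can no longer be checked"
    if findings["generic"]:
        return "keep the quarantined object and re-check it after a definitions update"
    return "specific signature: treat as a real detection and scan for follow-on files"


if __name__ == "__main__":
    result = triage(parse_detection(SAMPLE))
    print(result, next_step(result), sep="\n")
```
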