Author Topic: Virus Problem  (Read 6563 times)


debanjan

  • Guest
Virus Problem
« on: May 21, 2010, 09:52:06 AM »
Dear members,

I am using

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

Intel(R) Core(TM)2 CPU
T5200 @ 1.60GHz
1.60 GHz,
1.99GB of RAM





Yesterday I performed a boot scan with avast antivirus home edition version 5.0.545.
Avast found two pieces of malware, but both of them were system files, i.e. they were shipped with this product (Windows XP).
The malware found was:
dodo.exe --- this file was found in Program Files/EASY Internet Sign UP
and another was a trial version of a game which was sold with this product by HP (since the computer is manufactured by HP).

I know (and am sure) that neither of them is malware, but avast has stored them in the virus chest. What can I do so that they are removed from the virus chest and ignored by avast antivirus on further scans?

I have already submitted it to the virus lab.

Second question: does Avast antivirus have false positives during scans?


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Virus Problem
« Reply #1 on: May 21, 2010, 11:50:27 AM »
I am roughly 99.99% sure dodo.exe = malware
But if you really want it.....
1) Right click on the file in the virus chest and put it back to the original location.
2) Add the file to the exclusion list

I don't recommend this, but if that is what you want....

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Virus Problem
« Reply #2 on: May 21, 2010, 12:01:56 PM »
Get yourself a second opinion before restoring the files from chest..!!
Use free Mbam: http://www.malwarebytes.org/mbam.php
And yes, every AV has FPs sometimes, but avast rather seldom.
asyn

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Virus Problem
« Reply #3 on: May 21, 2010, 03:38:06 PM »
dodo.exe probably isn't a file you should think about keeping on your system.
http://spywarefiles.prevx.com/RRIJIJ1178088/DODO.EXE.html

debanjan

  • Guest
Re: Virus Problem
« Reply #4 on: May 21, 2010, 03:55:01 PM »
Thank you everybody for your feedback. I am very grateful to all of you.
Thank you all once again.

debanjan

  • Guest
Re: Virus Problem
« Reply #5 on: May 21, 2010, 10:44:44 PM »
I have checked it (dodo.exe) thrice with mbam (MalwareBytes Anti-Malware), but every time it was reported to be clean by mbam.

I also checked the other file which avast termed as malware and surprisingly found that also to be clean.

Now I am in a dilemma: which one should I believe, avast or mbam?

Do you guys have any idea about this?

Please help.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Virus Problem
« Reply #7 on: May 21, 2010, 11:32:59 PM »
Hi debanjan,

Backdoor.Fluxay.47 - dodo.exe - dodo

dodo.exe is a process that is registered as Backdoor.Fluxay.47. Such files, which usually end up becoming spyware or viruses when landing on your PC, often differ from the original file that is not a threat, because they are located in other directories and have a different digital signature. To determine whether this is a real threat or not, undertake a review with a detection tool like virustotal.com (upload dodo.exe there). What are the results?

It is cloaked malware, re: http://www.prevx.com/filenames/1099703743611420141-X1/227.EXE.html
& http://spywarefiles.prevx.com/RRIJIJ1178088/DODO.EXE.html

The file "dodo.exe" is known to be created under the following filenames:
This file can also be found at following location(s) (can also be found with different file name(s)):
%systemdrive%\documents and settings\dodo.exe
This filename is associated with the Malware groups:
Trojan-Downloader
This file was found in the following Malware families by analysis team:
Trojan-Downloader.Losabel.bt
Type: Trojan-Downloader

Symptoms of Losabel.bt Re: http://www.spywarelib.com/remove--Trojan-Downloader-Losabel-bt.html 

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
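
The check described in Reply #7 (directory and digital signature, plus a lookup on virustotal.com), as an added example that is not part of the original thread. The function name and all paths are hypothetical placeholders, and it needs a PowerShell version that provides `Get-FileHash`. The SHA-256 it prints can be searched on virustotal.com instead of uploading the file.

```powershell
# Added example: triage a flagged file before restoring it from the virus chest.
# Function name and all paths are hypothetical placeholders, not values from the thread.
function Get-FlaggedFileTriage {
    param(
        # A copy of the flagged file, extracted somewhere it will not be executed
        [Parameter(Mandatory)] [string] $Path,
        # Directory where the scanner reported finding the file
        [Parameter(Mandatory)] [string] $ReportedDirectory,
        # Directory where the vendor's legitimate copy is expected to live
        [Parameter(Mandatory)] [string] $ExpectedDirectory
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Hash for a reputation lookup (searchable on virustotal.com)
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Case-insensitive comparison of normalised directory paths
    $reported   = [System.IO.Path]::GetFullPath($ReportedDirectory).TrimEnd('\')
    $expected   = [System.IO.Path]::GetFullPath($ExpectedDirectory).TrimEnd('\')
    $inExpected = $reported -ieq $expected

    # A valid signature and the expected directory do not prove the file is benign;
    # failing either check is a strong reason not to restore or exclude it.
    $verdict = if ($inExpected -and $sig.Status -eq 'Valid') {
        'Consistent with a vendor file; confirm with the hash lookup'
    } else {
        'Needs review; do not restore or exclude'
    }

    [pscustomobject]@{
        File                = $file.Name
        Sha256              = $hash
        InExpectedDirectory = $inExpected
        SignatureStatus     = $sig.Status
        Signer              = $signer
        Verdict             = $verdict
    }
}

# Usage with placeholder paths:
# Get-FlaggedFileTriage -Path 'D:\triage\dodo.exe' `
#     -ReportedDirectory 'C:\Documents and Settings' `
#     -ExpectedDirectory 'C:\Program Files\EASY Internet Sign UP'
```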