I got 52 Trojan Horses?

[polonus]

Hi C0731R ,

I think it is also time to clean up house (computer temp files meant) with ATF Cleaner (yes tick all and fire) and the additional ClearProg to have a go at specific IE, Fx and Windows files.
Get ATF Cleaner here: http://www.majorgeeks.com/downloadget.php?id=4949&file=15&evp=72ef5a5e927b2276e6a5bc34c89d005a

Get ClearProg here: http://www.clearprog.de/site.php?id=10&lang=en

That is a lot of crap less, I do this only a regular basis and it never caused me any harm, because I like my comp nicely crisp and clean, and what I like to save saved through back-up,

polonus

[Chim]

Well not scanning the swap file  txt files etc
personal choice
now if the exclusion was for .exe .dll etc then we would know there was malware afoot
let us know what you find out

I just sent avast! Tech Support my E-mail inquiry.
Whenever I get a reply from them, I will let you all know what the lowdown is on these "DEFAULT" Standard Shield Exclusions.

[Lisandro]

"DEFAULT" Standard Shield Exclusions.

?:\PageFile.sys
should be enough

[C0731R]

Okay, ya'll, I'm back. Looks like this issue has stirred up some discussion; it's also taught me quite a bit about "pamuters" (my son's word) that I hadn't learned yet.

I've scanned most of the 52 flagged & quarantined files what Avast! flagged as Trojan Horses, and as VirusTotal scans the file the only system that indicates that these files are Trojan Horses is Avast!.

The screen gives what appears to be basic file info, like file size, etc., then lists all of the scanning systems used. At the bottom is says (0 exports).

Any other info I can share here? Let me know.

To me, this begs the question: was there a recent Avast! update that is now seeing these files as Trojans, when older versions didn't? I'm thinking that I need to make the changes to have Avast! ignore them in future scans. It appears to me that most or all of these "Trojan" false alarms actually serve some purpose, so at this point, I guess I'll leave them for now; I may go through and kill 'em all later. It appears I've got a lot of "housecleaning" to do. I'll wait for everyone's advice before I decide on anything.

Thanks for all your help, everyone.

thx - cpr

[Lisandro]

"DEFAULT" Standard Shield Exclusions.

?:\PageFile.sys
should be enough

Also see http://forum.avast.com/index.php?topic=37651.msg315169#msg315169

To me, this begs the question: was there a recent Avast! update that is now seeing these files as Trojans, when older versions didn't?

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

[Hektor]

Hi Tech,

I'm new to this forum and I apologise for raising this question below (but I don't know how elese to get my question to you).

I run home windows xp (service pack 3 is in) and i have upto date home edition avast.  my windows security centre shield is saying that i have no virus protection.  I tried your solution which you posted on september 10, 2006, rebooted twice & the shield is still there (saying i have no antivirus). 

do you have any suggestions?

thanks so much

regards
hektor

[Lisandro]

I run home windows xp (service pack 3 is in)
do you have any suggestions?

hektor, check: http://forum.avast.com/index.php?topic=23457.msg193534#msg193534
and http://windowsxp.mvps.org/repairwmi.htm

[wyrmrider]

Hecktor
for some background see this thread
http://forum.avast.com/index.php?topic=37637.0

[C0731R]

 To know if a file is a false positive, please submit it to VirusTotal and let us know the result. [/quote]

What would you guys need to see from that screen in virustotal? I had a hard time figuring out what it all meant.

thx - cpr

[Lisandro]

What would you guys need to see from that screen in virustotal?

Click in the 'archive' button and browse for the file you want to upload/scan, click to continue... the scanning results will appear, one by one...

[C0731R]

Please pardon my ignorance, but "Archive" where?

thx - cpr

[Lisandro]

In Portuguese, arquivo.
In English, file.
Sorry, I've mess the words archive and file.

[C0731R]

What would you guys need to see from that screen in virustotal?

Click in the 'archive' (file) button and browse for the file you want to upload/scan, click to continue... the scanning results will appear, one by one...

So what information exactly do I need to post here? Do I cut/paste every detail of every result for every file scanned? that's my question. Is there some way to just post the results (like a quick & concise list) of what virustotal shows me? If there is, how do I do it.

As I said before, I'm new to this, so I think I may missing something in these steps. Basically, all virustotal tells me is what I stated in my earlier post. (Avast! is the only engine in all of virustotal that sees these as trojans.)

Lastly, if these aren't trojans, how do I get them back into operation so we can play games again? (in other words, out of the chest?) I'll go back and re-read this thread and make sure I'm not missing something.

thanks again for all the input here -

thx - cpr

[DavidR]

In your browsers address bar, just copy and paste the URL for the page with the VirusTotal results in the forum.

From the chest you can restore files, but simply doing that will have them detected again so you have to report them to avast for correction and exclude the files from scanning, etc.

So if it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

[C0731R]

Here's a couple:

http://www.virustotal.com/analisis/b63a79725f3ef0f1bbe6f4f30eacce5d
http://www.virustotal.com/analisis/9bfff859a60f0927d81460dfa8806296

It's not seeing this one as a trojan anymore -
http://www.virustotal.com/analisis/c5b2039d007a6d38c7ebd5443b1c3e89

I'll post more later -

thx - cpr