Avast WEBforum
Other => Viruses and worms => Topic started by: cengliong on November 05, 2006, 05:30:50 AM
-
Hi,
My VPS version was 0645-4, 03/11/2006. When I scanned my files with thorough scan, I found that I've got a Trojan Horse.
My warning log contains:
05/11/2006 11:06:51 Welly 2220 Sign of "Win32:ShareAll-H [Trj]" has been found in
"C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe\[ASPack]" file.
I've checked the file on http://virusscan.jotti.org/ and the result was infected by Trojan-Spy.Banker.69 (detected only by VBA32)
Your help would be appreciated
cengliong
-
Seems a false positive.
As a workaround, please add the file to the Standard Shield exclusion list until you can receive new virus database (VPS) updates.
-
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html), this uses the Windows version of avast and has a greater number of different scanners, 27 at last count.
-
Additionally, please pack the misdetected executable into a password-protected ZIP or RAR and send it to virus@avast.com, please (with a "False positive" subject, for example).
-
The new VPS is still detecting it as a trojan (0646-0, 06/11/2006). I've tried VirusTotal and it gave the same result:
Avast -> Win32:ShareAll-H
VBA32 -> suspected of Trojan-Spy.Banker.69 (paranoid heuristics)
I've just sent the file to virus@avast.com
-
Hi cengliong,
the VPS of 1st November (0645-0) picked up ShareAll-H in SysMech6.exe for me,
and I got the same result as you when using the multi-scan, VBA32 found Spy.Banker.69 (paranoid heuristics), and commented "possibly infected/malware. Might be false +ve".
Still not good for the blood pressure when you think you are clean!
I have SysMech6 locked in the Chest until safe to let it out to play....
-
Newer VPS (646-2, 07/11/2006) gives a clean result. Let us wait for VBA32 to update its database.
-
Newer VPS (646-2, 07/11/2006) gives a clean result. Let us wait for VBA32 to update its database.
Well, we're not that bad ;)
-
My friend once said VBA32 is very good at detecting trojans. If its new database gives a clean result, then should I take it as if my file is safe?
-
My friend once said VBA32 is very good at detecting trojans. If its new database gives a clean result, then should I take it as if my file is safe?
Most probably... but, after all, as you've done before, the better option will be submitting the file to on-line scanners.
-
OK, thanx..