Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Kakzle on December 06, 2003, 05:07:39 AM
-
Win32:Sdbot-g12
Win95:Matyas
Win31:Kuang2
Win32:DyfunDldr
Avast keeps finding these viruses and it won't repair them, so I just placed them in the chest. I downloaded the virus cleaner and it didn't find anything.
-
Run http://housecall.trendmicro.com
-
What files were these viruses detected in?
-
This is the best way I know how to give you all the information. I copied the xml file in the chest and pasted it here.
<?xml version="1.0" encoding="UTF-8" ?>
<aswObject>
<NewId>0000000E</NewId>
<ChestEntry>
<ChestId>00000001</ChestId>
<FileTime>960498000</FileTime>
<OrigFileName>kernel32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1068596954</TransferTime>
<FileSize>536576</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000002</ChestId>
<FileTime>1036551338</FileTime>
<OrigFileName>wsock32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1068596956</TransferTime>
<FileSize>36864</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000003</ChestId>
<FileTime>960498000</FileTime>
<OrigFileName>command.com</OrigFileName>
<OrigFolder>C:</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1068596957</TransferTime>
<FileSize>93040</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000004</ChestId>
<FileTime>1067581274</FileTime>
<OrigFileName>cln4066.TMP</OrigFileName>
<OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
<Comment />
<Virus>Win32:DyfucDldr [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1068597354</TransferTime>
<FileSize>69632</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000005</ChestId>
<FileTime>1068655928</FileTime>
<OrigFileName>trz4062.TMP</OrigFileName>
<OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
<Comment />
<Virus>Win32:DyfucDldr [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1068642741</TransferTime>
<FileSize>69632</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000006</ChestId>
<FileTime>1068656056</FileTime>
<OrigFileName>trz60E3.TMP</OrigFileName>
<OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
<Comment />
<Virus>Win32:DyfucDldr [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1068642747</TransferTime>
<FileSize>69632</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000007</ChestId>
<FileTime>1068613136</FileTime>
<OrigFileName>Folders.dbx</OrigFileName>
<OrigFolder>c:\WINDOWS\Application Data\Identities\{94C2B5C9-26A8-4F76-B240-5D5F6ECF8C0B}\Microsoft\Outlook Express</OrigFolder>
<Comment />
<Virus>Win32:DyfucDldr [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1068642787</TransferTime>
<FileSize>74720</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000008</ChestId>
<FileTime>1068658846</FileTime>
<OrigFileName>pavdll.dll</OrigFileName>
<OrigFolder>c:\My Documents\padmin.exe</OrigFolder>
<Comment />
<Virus>Win32:Kuang2</Virus>
<Category>Vir</Category>
<Restore>no</Restore>
<TransferTime>1068644477</TransferTime>
<FileSize>1179648</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000009</ChestId>
<FileTime>1068658882</FileTime>
<OrigFileName>pav.sig</OrigFileName>
<OrigFolder>c:\My Documents\padmin.exe</OrigFolder>
<Comment />
<Virus>Win95:Matyas</Virus>
<Category>Vir</Category>
<Restore>no</Restore>
<TransferTime>1068644514</TransferTime>
<FileSize>3125710</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>0000000A</ChestId>
<FileTime>960498000</FileTime>
<OrigFileName>wsock32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1068654750</TransferTime>
<FileSize>36864</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>0000000B</ChestId>
<FileTime>1070344190</FileTime>
<OrigFileName>[UPX]</OrigFileName>
<OrigFolder>c:\WINDOWS\TEMP\_avast4_\unp23682</OrigFolder>
<Comment />
<Virus>Win32:SdBot-g12 [Trj]</Virus>
<Category>Vir</Category>
<Restore>no</Restore>
<TransferTime>1070329790</TransferTime>
<FileSize>1106432</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>0000000C</ChestId>
<FileTime>1070342328</FileTime>
<OrigFileName>trz22C5.TMP</OrigFileName>
<OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
<Comment />
<Virus>Win32:SdBot-g12 [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1070329806</TransferTime>
<FileSize>1106432</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>0000000D</ChestId>
<FileTime>1068282856</FileTime>
<OrigFileName>dbplugin.exe</OrigFileName>
<OrigFolder>c:\WINDOWS</OrigFolder>
<Comment />
<Virus>Win32:SdBot-g12 [Trj]</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1070330192</TransferTime>
<FileSize>261120</FileSize>
</ChestEntry>
</aswObject>
-
I went to microtrend and did their scan and it didn't find any viruses. Does this mean that Avast is giving me false readings? I noticed that Avast scans files on my hard drive that don't seem to exist. For example, in the _restore folder it scans some thousands of folders, but when I look at that folder in Windows Explorer, there are only 4 files.
-
Those two pav* files are really false alarms in the Panda Antivirus tool, caused by Panda storing unencrypted virus samples inside.
The Sd-Bots may be real...
-
Igor, sdbots ARE detected by Trend. I think there IS a possibility these are false positives.
-
I didn't say they aren't... just there are so many sdbots, it's easily possible that some of them are missed by some antiviruses (avast included).
Anyway, it's always possible to send the files from the Chest to Alwil Software for analysis (preferably with some info/comments on the possible false positive in the e-mail).
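-
For triaging a chest index like the one pasted earlier in the thread, here is an added example (not part of any post above and not Avast code). It tolerates the "- " collapse markers that a browser's XML tree view leaves in copied text, skips entries that carry no <Virus> element, and lists each detection with the file's original path and the day it was moved to the chest. Reading TransferTime as Unix epoch seconds is an assumption, as are the function names.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: three entries in the layout of the pasted index, with the
# "- " markers a browser's XML tree view adds in front of collapsible elements.
SAMPLE = r"""<?xml version="1.0" encoding="UTF-8" ?>
- <aswObject>
- <ChestEntry>
<ChestId>00000001</ChestId><OrigFileName>kernel32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder><Category>System</Category>
<TransferTime>1068596954</TransferTime>
</ChestEntry>
- <ChestEntry>
<ChestId>00000009</ChestId><OrigFileName>pav.sig</OrigFileName>
<OrigFolder>c:\My Documents\padmin.exe</OrigFolder><Virus>Win95:Matyas</Virus>
<Category>Vir</Category><Restore>no</Restore><TransferTime>1068644514</TransferTime>
</ChestEntry>
- <ChestEntry>
<ChestId>0000000D</ChestId><OrigFileName>dbplugin.exe</OrigFileName>
<OrigFolder>c:\WINDOWS</OrigFolder><Virus>Win32:SdBot-g12 [Trj]</Virus>
<Category>Vir</Category><Restore>yes</Restore><TransferTime>1070330192</TransferTime>
</ChestEntry>
</aswObject>"""

def parse_chest(text):
    """Return one dict per <ChestEntry>, tolerating leading '- ' viewer markers."""
    cleaned = re.sub(r"(?m)^[ \t]*-[ \t]+(?=<)", "", text).strip()
    root = ET.fromstring(cleaned.encode("utf-8"))
    entries = []
    for node in root.iter("ChestEntry"):
        rec = {child.tag: (child.text or "") for child in node}
        # Assumption: TransferTime is Unix epoch seconds (the values fall in late 2003).
        rec["moved"] = datetime.fromtimestamp(int(rec["TransferTime"]), timezone.utc)
        entries.append(rec)
    return entries

def detections(entries):
    """Map detection name -> [(original path, UTC date moved)]; no <Virus> = skipped."""
    grouped = {}
    for rec in entries:
        if "Virus" in rec:
            path = rec["OrigFolder"].rstrip("\\") + "\\" + rec["OrigFileName"]
            grouped.setdefault(rec["Virus"], []).append((path, rec["moved"].date().isoformat()))
    return grouped

if __name__ == "__main__":
    for name, files in detections(parse_chest(SAMPLE)).items():
        print(name, files)
```

Grouping by original folder makes it easy to see when several detections sit inside one product's own directory, as with the two pav* files discussed above.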