Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sergerus on April 14, 2008, 10:01:24 AM

Title: Illegal detect useful program as trojan
Post by: sergerus on April 14, 2008, 10:01:24 AM
I'm using Avast Home. Today Avast alerted that c:\program files\Anvir task manager\anvir.exe is Trojan {keygen}. Also, one DLL in the System32 directory was detected as a Trojan, but this is the a4tech mouse driver. Before today everything was OK.
Title: Re: Illegal detect useful program as trojan
Post by: onlysomeone on April 14, 2008, 10:29:00 AM
Please try to scan the files at http://www.virustotal.com
Title: Re: Illegal detect useful program as trojan
Post by: sergerus on April 14, 2008, 05:11:01 PM
So...

1)
system32/amhooker.dll (a4tech mouse driver!) detected as Trojan - 3/32 (9.38%)
http://www.virustotal.com/ru/analisis/c35341d96b4e4d56c06f473c28c21f7a

2)
program files/AnVir Task Manager/AnVir.exe detected as Trojan - 4/32 (12.50%), but the Avast service did not detect this file as a virus.
http://www.virustotal.com/ru/analisis/35e4873865a3da74bd66657d57710b46


Title: Re: Illegal detect useful program as trojan
Post by: DavidR on April 14, 2008, 05:38:34 PM
Your item 1: although detected by three scanners, avast's detection would appear to be on a generic signature (-gen) that attempts to catch more than one malware variant, so it could be an FP and analysis is advised.

Your item 2: three scanners have this under a sus or suspicious category, which could be heuristic detections that could be an FP. If avast detects it on your system but VT doesn't, it is likely that the VT signatures haven't been updated. The user with auto update is often at least one update ahead, as VT can't update in real time.

I would suggest that you send the samples to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic might help, and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.