Avast WEBforum

Other => Viruses and worms => Topic started by: heavy_kevie on August 19, 2009, 03:25:35 PM

Title: Infection Win32:Induc
Post by: heavy_kevie on August 19, 2009, 03:25:35 PM
I received 10 warnings about files under the c:\system volume information\_restore\.....\Ffsweep.dll, Filesweep.dll, A0134357.dll, A0134358.dll, A0137288.dll, and A0137289.dll.  I can't seem to find any information about Win32:Induc.  Are these false positives?  I believe Ffsweep and Filesweep are files associated with IObit Advanced system care 3 and IObit Security 360, both of which I have installed.  How do I submit files for evaluation?  Currently, these files have been moved to the virus chest.  Thanx in advance!
Title: Re: Infection Win32:Induc
Post by: emantoyaks on August 19, 2009, 03:51:14 PM
Hi... Heavy... You have no need to worry about that, because it's only detected in System Info., which means a file there is called System Restore...
Title: Re: Infection Win32:Induc
Post by: DavidR on August 19, 2009, 04:14:00 PM
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

It is possible that stuff like this from other security applications has unencrypted signatures, which can be detected.

The Win32:Induc virus signature is a new signature. If you do a search of the forums you will see it is going to become more prevalent, as it has been found in applications that use Delphi compilers.
Title: Re: Infection Win32:Induc
Post by: spg SCOTT on August 19, 2009, 04:18:02 PM
There is also now a blog post on the subject:

avast! blog >> Win32:Induc, new concept of file infector? (http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/)
Title: Re: Infection Win32:Induc
Post by: Lisandro on August 19, 2009, 04:22:43 PM
Microsoft Security Essentials is detecting them also...
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fInduc.A&threatid=2147627628
Not sure they're not false positives, yet.
Title: Re: Infection Win32:Induc
Post by: yhaker on August 19, 2009, 05:33:35 PM
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?
Title: Re: Infection Win32:Induc
Post by: jsejtko on August 19, 2009, 05:51:29 PM
Quote
Sign of "Win32:Induc" has been found in "C:\Program Files\IObit\Game Booster\GameBooster.exe" file. False positive?

Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - it sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards
Title: Re: Infection Win32:Induc
Post by: spg SCOTT on August 19, 2009, 06:03:36 PM
Quote
Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - it sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Regards

Doesn't virustotal use slightly older signatures...

How bad would it have been if they said that their security product was infected...what irony ;D
Title: Re: Infection Win32:Induc
Post by: Jtaylor83 on August 19, 2009, 07:42:30 PM
Win32:Induc (http://www.viruslist.com/en/weblog?weblogid=208187826) only infects through Delphi 4.0, 5.0, 6.0, and 7.0.
Title: Re: Infection Win32:Induc
Post by: Lisandro on August 19, 2009, 11:20:25 PM
Quote
Not a false positive. Their software was infected with the Induc virus. IObit releases a new build today which is clean, but I don't like their statement in the support forum - it sounds like "We released new version to prevent false positive detection from many AV vendors". I think their users might get better information.

Shame on Iobit.
Title: Re: Infection Win32:Induc
Post by: francine on August 20, 2009, 02:22:46 AM
I am attaching a screen shot of my virus chest. What should I do?
Title: Re: Infection Win32:Induc
Post by: BILL G on August 20, 2009, 07:59:36 AM
I started Wise File Cleaner and Avast ALERTED on its program file. I ran an OD scan and found 8 more. I think I picked these up downloading program updates.
Title: Re: Infection Win32:Induc
Post by: Spyros on August 20, 2009, 09:58:31 AM
"Vista Start Menu 3.2" is also infected

Quote
Hi,

The version 3.2  has a virus inside :(
I'm really sorry for the inconvenience.

This virus is not dangerous.
Please read more detail descriptions here -
http://www.viruslist.com/en/weblog?weblogid=208187826
http://www.delphipraxis.net/topic163041_virus+infects+delphi.html

Please uninstall your current version and set up the new one.

Download links -
freeware -
http://www.vistastartmenu.com/VistaStartMenu_Setup_freeware_en.exe

PRO -
http://www.VistaStartMenu.com/VistaStartMenu_Setup_Pro_3x.exe

If you have any special builds, please contact support -
http://www.tidyfavorites.com/contact.php

--
Best regards, Dennis Nazarenko
Title: Re: Infection Win32:Induc
Post by: misak on August 20, 2009, 10:44:46 AM
For Delphi developers, how to get rid of it:

http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/comment-page-1/#comment-965
(Milos from viruslab)
Title: Re: Infection Win32:Induc
Post by: john36 on August 20, 2009, 04:10:23 PM
Weather Pulse is also claiming that this is a false positive.

http://www.tropicdesigns.net/article.php?article_id=55

Also, My Gmail Keeper program was flagged as having this infection, so I emailed them and am waiting for their reply.
Title: Re: Infection Win32:Induc
Post by: Milos on August 20, 2009, 05:19:12 PM
Quote
Weather Pulse is also claiming that this is a false positive.

http://www.tropicdesigns.net/article.php?article_id=55

Also, My Gmail Keeper program was flagged as having this infection, so I emailed them and am waiting for their reply.

Quote
August 18, 2009, 10:49 PM
>=================================================
>Aug 18th 2009
>2.10 Build 13
>=================================================
>Bug Fixes:
>Emergency Fix for False positive from Virus scanners.
>
>Download here: http://www.tropicdesigns.net/weather_pulse.html
>
>
>>My AVAST anti-virus found the WIN32:INDUC virus attached to your Weather Pulse s/w. I have used Weather Pulse for several years w/o any problem. I have no idea how the virus got attached, but I suspect it might have been when I recently went to your web site and had accidentally entered your address ending in '.com', instead of '.net'. If not - I have no other idea ...
>>
>>Just letting you know.
>>
>>Frank
>>
>>P.S.: THANKS for a great little program!

This message: "Emergency Fix for False positive from Virus scanners." makes me smile :-)

EDIT:
http://www.virustotal.com/analisis/ba110d36bedfdf3bbd8d50f5f18029b58391187f5f956b849364f64f5d4f7d46-1250832507
and image below.
Title: Re: Infection Win32:Induc
Post by: Lisandro on August 20, 2009, 10:00:43 PM
I really hate that companies do not acknowledge their software is infected :P
Title: Re: Infection Win32:Induc
Post by: spg SCOTT on August 20, 2009, 10:05:49 PM
Quote
I really hate that companies do not acknowledge their software is infected :P

I feel the same, but I can sorta understand why they are saying what they are saying...

In the case of another certain product that is there to protect the user, is actually, genuinely infected upon distribution...imagine the kind of effect that has...
Title: Re: Infection Win32:Induc
Post by: Lisandro on August 20, 2009, 10:39:08 PM
Quote
In the case of another certain product that is there to protect the user, is actually, genuinely infected upon distribution...imagine the kind of effect that has...

Lying never protects.
Title: Re: Infection Win32:Induc
Post by: Mr.Agent on August 20, 2009, 10:41:36 PM
+1, but Avast! is here to prevent those things from happening and any guy or girl from getting infected.
Title: Re: Infection Win32:Induc
Post by: spg SCOTT on August 20, 2009, 11:34:08 PM
Quote
In the case of another certain product that is there to protect the user, is actually, genuinely infected upon distribution...imagine the kind of effect that has...
Lying never protects.

I know...the truth is always better...
Title: Re: Infection Win32:Induc
Post by: YoKenny on August 21, 2009, 12:39:10 AM
At least avast! is not alerting on Event Log Explorer download site.

There is a big thunderstorm coming  :o
Title: Re: Infection Win32:Induc
Post by: heavy_kevie on August 21, 2009, 10:48:14 AM
Gee folks, thanx for all the input.  I will delete the system restore point, then install the latest release of IObit 360.  Thanx again for all the input, ur life savers!
Title: Re: Infection Win32:Induc
Post by: sooners2win on August 23, 2009, 05:43:57 AM
I am getting hits also from Glary Registry Repair... I uploaded the file to virustotal and this is what it looks like.

http://www.virustotal.com/analisis/d6f0a67946431de583f95093f686a66e0dc3b0c1de53cf984aa876ef677a5443-1250762330
Title: Re: Infection Win32:Induc
Post by: YoKenny on August 23, 2009, 05:54:12 AM
Never cared much for Glary Registry repair:
http://forum.avast.com/index.php?topic=47792.0

I prefer TweakNow PowerPack 2009:
http://www.tweaknow.com/powerPack.html