Avast WEBforum

Other => Viruses and worms => Topic started by: whoopla13 on October 07, 2009, 05:10:10 AM

Title: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 05:10:10 AM: Avast detected a virus and I don't know how I got this so here is the screen shot. I was wondering if this is a FP?
If not can I safely remove it?
Title: Re: Win32:VB-HWI
Post by: mikaelrask on October 07, 2009, 09:37:20 AM: hey and welcome to the forum i suggest you send the file avast detect to the virus chest so you get the more options then just delete it for it might be and FP. You can upload it to virustotal.com and see what you get and then post it here.

good luck.
Title: Re: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 10:50:26 AM: I have put the file in the chest. So how do I send it to virus total? Do I get the file from the chest folder of avast?
Title: Re: Win32:VB-HWI
Post by: Milos on October 07, 2009, 12:32:56 PM: Quote from: whoopla13 on October 07, 2009, 10:50:26 AM
I have put the file in the chest. So how do I send it to virus total? Do I get the file from the chest folder of avast?
I will borrow a part of DavidR's post ;):
Quote from: DavidR on August 23, 2009, 05:51:32 PM
...
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Milos
Title: Re: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 01:09:06 PM: I tried uploading and I get a message that says the file is way too big to be uploaded. I checked and the file is around 20MB. I guess it is best to just delete this file?
Title: Re: Win32:VB-HWI
Post by: Milos on October 07, 2009, 01:54:31 PM: You can try to pack it i.e. with zip, so it can decrease the size a little bit. I think that every AV scanner can unpack it.

Milos
Title: Re: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 02:15:50 PM: VTotal scanned the zip file and only avast detects it as a virus.

Result: 1/40 (2.5%)

Does this mean this is a FP and I can safely delete it?
Title: Re: Win32:VB-HWI
Post by: Milos on October 07, 2009, 02:27:11 PM: Can you please sent the file to virus@avast.com with password protected attachement, to confirm the FP? Write password to email body and "false positive" to subject.

Thanks, Milos
Title: Re: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 02:48:24 PM: Done! So best option right now is keep it in the virus chest and I can still safetly use my laptop?
Title: Re: Win32:VB-HWI
Post by: Milos on October 07, 2009, 03:25:14 PM: Quote from: whoopla13 on October 07, 2009, 02:48:24 PM
Done! So best option right now is keep it in the virus chest and I can still safetly use my laptop?

Yes, if the virus is in chest you can safetly use your laptop.

Thanks for sample, you sent (COMPONENTS.OLD). It looks like some registy dump ("regf" magic at beginning) this can be created i.e. when using Sanboxie. You can delete it.

Milos
Title: Re: Win32:VB-HWI
Post by: whoopla13 on October 07, 2009, 03:35:06 PM: Thanks for the help! I really appreciate it! Just to make sure there wasn't any real threat to my laptop?
Title: Re: Win32:VB-HWI
Post by: Milos on October 07, 2009, 03:46:41 PM: Quote from: whoopla13 on October 07, 2009, 03:35:06 PM
Thanks for the help! I really appreciate it! Just to make sure there wasn't any real threat to my laptop?

No, this file wasn't any real threat to your laptop. But I don't know which program creates it (especially the part we detect).

Milos