_1EA662009873_4921_B1FD_DAB99610FE28.exe

[mchain]

Above file caught by Avast! 7.0.1456 File System Shield while running a MBAM scan in admin account.  File was prevented from opening and executing just as MBAM was scanning it.

Also quick scan reported this file from System Restore as detected:  A0203677.exe

Both detections reported as Win32:Malware-gen by Avast!

Last changed reported time and date in virus chest is identical for both files:  5/8/2008 3:36:17 PM, date of original install of XP Pro SP2.

Google for file in subject line gives only two results:  http://microsoft-streets-trips-2006.software.informer.com/  Second site listed as unsafe.

Attachments will take two separate posts to complete.

[mchain]

Third attachment below:

System seems to be running normally, no additional alerts presented.

[CraigB]

Previous post by True Indian removed. 

mchain please wait for one of the malware specialists to further assist you.

[mchain]

Hi craigb,

Thanks for letting me know what happened here.  Was wondering. 

Have log of MBAM quick scan that set Avast! off, was just updated, said no new update?  Ran scan with database I had.

One more attached below:  Not concerned with error reported for hidden installer folder.  Just means Avast! was not able to move the archive to the virus chest.

Need I consider running OTL, aswMBR?

[SafeSurf]

To be on the safe side, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. 

Follow the directions of obtaining an MBAM log (make sure you update MBAM first) and the OTL logs (save them as ANSI), and aswMBR log.  Post the logs as an attachment (Additional Options > Attach > Post). 

After you post them, do not make any changes to your machine, do not sync anything to your machine, and try not to use this machine or attach any portable devices to it.  A malware removal specialist will look at your posts after you attach your logs, which you will do OFF line.  Let us know if you have any questions.  Thank you.

[mchain]

@ craigb and SafeSurf,

Thank you both for your help so far.  VT results will be posted in next post after folder Suspect is created.  No harm in runnig aswMBR and OTL to get this going; this may well turn out to be a false positive, but one never knows.

[SafeSurf]

I suspect FP as well, but to be on the safe side I agree.  Thanks. 

[mchain]

Virus Total AT dot com here:  https://www.virustotal.com/file/54a58cdf098fb4c04e1222336011726652dc8c7fbfe395df79904fddbb6b3dae/analysis/

As the previous scan for this file was dated for 2/17/2012, I ran a new scan: 3/42 result.  Quarantined copy extracted to Suspect folder; copy remains in quarantine as well as a new copy in the excluded folder.

Please go to the Additional Information tab at the bottom of the vt window to see if you can ascertain any anomalies with this file.

Thanks.

EDIT:  Attached MBAM quick scan log below that resulted in the alert.

[Pondus]

It is safe......FP


First seen by VirusTotal
2009-06-06 05:02:25 UTC ( 3 år, 1 måned ago )

[SafeSurf]

Ah...good news.  No need to complete the logs. 

[mchain]

It is safe......FP


First seen by VirusTotal
2009-06-06 05:02:25 UTC ( 3 år, 1 måned ago )

Gone and sent as fp, will wait for file to clear before restoring to original location.

Thx Pondus.  Nice to know Avast! is protecting system, even if fp.  K with that.