Author Topic: What file from archive is infected  (Read 1610 times)

Offline vsub

What file from archive is infected
« on: June 01, 2013, 06:53:01 PM »
Is there a way to find which file from the archive is infected?

This is probably a false positive, but I have an SFX archive which is more than 3 years old, and no changes were made to it since then.

3 months ago I made a complete scan using 8.0 1482.45 (using maximum sensitivity on everything, including boot time scan) and avast didn't find anything (it never suggested that the archive contains any kind of malware till now).

From 3 months ago till now, avast was uninstalled, the PC didn't have a network connection and no new files were copied. Now, after I installed the newest version and did a quick scan, avast said that the SFX archive contains Win32:Malware-gen.

I also have the archive contents in a folder in the same directory as the SFX archive (they have existed there for even longer than the SFX archive, which I created, and no change was made to any of the files), but avast doesn't say anything when I scan the folder.

It's just weird... I even extracted the SFX archive in a virtual machine, created a new SFX archive with the files, and when I scanned it, avast didn't say anything.
Why is this happening?

Offline igor

  • Avast team
Re: What file from archive is infected
« Reply #1 on: June 02, 2013, 12:03:20 AM »
What is the full line of the result (where avast! says it's infected)? It contains the name of the file inside of the archive.

Offline vsub

Re: What file from archive is infected
« Reply #2 on: June 02, 2013, 12:15:32 AM »
The only name it shows is the SFX archive name... like the archive itself is the virus, not something from inside it.

If I delete all of the files from it in the virtual machine and then try to scan it, avast says that the file is Win32:Malware-gen.
SFX archive with nothing inside
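
Added example (not part of the thread and not avast! code): since the detection is reported on the SFX file itself even when it is empty, one way to narrow it down is to hash the executable stub and the appended archive data separately, then compare the flagged SFX with the re-created one. It assumes an unsigned Windows PE stub with the archive appended after the last section; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Leading magic bytes of archive formats commonly appended to an SFX stub.
MAGICS = {b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "zip"}

def overlay_offset(data: bytes) -> int:
    """File offset where the PE image (the SFX stub) ends and appended data begins."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # first section header
    end = table + 40 * nsect
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def triage(data: bytes) -> dict:
    """Hash stub and appended payload separately; name the first archive magic found."""
    off = overlay_offset(data)
    stub, payload = data[:off], data[off:]
    hits = [(payload.find(m), name) for m, name in MAGICS.items() if m in payload]
    return {
        "stub_size": off,
        "stub_sha256": hashlib.sha256(stub).hexdigest(),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "payload_format": min(hits)[1] if hits else None,
    }

def fake_stub() -> bytes:
    """Constructed PE-shaped header with one 0x200-byte section; not a real SFX module."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    return (dos + coff + sect).ljust(0x200, b"\0") + b"\xcc" * 0x200

if __name__ == "__main__":
    # Constructed inputs: the same stub with and without file data after the archive marker.
    full = fake_stub() + b"Rar!\x1a\x07\x00" + b"constructed file data"
    empty = fake_stub() + b"Rar!\x1a\x07\x00"
    for label, blob in (("full", full), ("empty", empty)):
        print(label, triage(blob))
```

If two SFX files give the same `stub_sha256` but different scan results, the difference lies in the appended data; if the stub hashes differ, the two files were built with different SFX modules and the stub is the part to submit for false-positive review.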