(Running Avast Free)
I think I've got a false positive. The supposedly infected file is the setup file (sp50setup.exe) for
Spector Pro 5 which is a monitoring program (to track the kids internet habits.) The file has been on my PC since August, thought not installed yet. I run a full scan using the integrated shell command and Windows Task Scheduler once a week, using my own instructions, posted
here. It appears that Avast detection of this virus was added on March 25, 2005. The infection is Win32:Urlbot [Trj].
A google search turns up very little about this potential infection. Only two newsgroup posts about Win32:Urlbot.A and a potential false positive for Spector Pro with NOD32 back in October 2003. Those are
here, and
here.
I can find nothing about this virus on Symantec's site, Avast.com, or the NOD32 site.
A few questions:
1. Could the very nature of the Spector Pro program (monitoring internet activity) be triggering this alert?
2. Why is Avast only now adding support for this Urlbot trojan when NOD32 has detected it for almost two years.
3. How do I know for sure that this is a false positive or not?