Author Topic: win32:KillAV-PI false positive?  (Read 2506 times)

Offline Dumbugggs

  • Newbie
  • *
  • Posts: 1
win32:KillAV-PI false positive?
« on: September 26, 2013, 04:33:49 AM »
Hi,
I have a Mac OS X 10.8.5 running a Win 7 64 VMware 6.0.1, that keeps giving me infection errors every time I boot.
I was getting mppt97:shellcode-O... I removed it, now it's giving me a win32:KillAV-PI. The Win VMware has been scanned twice, with several different antivirus softwares, Symantec, Malwarebytes, etc... The file that ends in a .vmem... I really don't want to blow away the VM... It should be clean... removed all restore points, everything... it's not even set to scan network volumes, just Mac finds it, could it be a false positive?

Thanks!




Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2216
Re: win32:KillAV-PI false positive?
« Reply #1 on: September 26, 2013, 06:28:45 PM »
Hello,
can you upload some .vmem to our ftp://ftp.avast.com/incoming/, please? Pack the file before uploading using e.g. 7-Zip.

Milos

Offline Dumbuggggs

  • Newbie
  • *
  • Posts: 1
Re: win32:KillAV-PI false positive?
« Reply #2 on: September 29, 2013, 06:52:04 PM »
Hi,
I could only delete the vmem from avast, couldn't add to chest, even the vmem file, couldn't even get to it... looked like a temp file... i.e. random, like 45332453246.vmem. Even after I unpacked the VM, which I couldn't get to. Kept repeating.

After that started running more tests, more AV software on the VMware machine... Nothing... Finally did a power scan with the Symantec... said Excel? Was infected? Since I rarely use it, blew it away... reran tests again, everything it said was clean?

I thought I was in the clear until this morning when I got a Win32/Bifrose. Did everything I could think of to get to that file, no luck, vmem to provide, couldn't get to it.

All sharing off, isolation mode on... could this be a VMware thing? Not sure how it is bypassing straight to the Mac?

At any rate it... I'm killing the entire machine, might rebuild? I'm just hoping the Mac will be clean after.  :-\

- Thanks






« Last Edit: September 29, 2013, 07:01:25 PM by Dumbuggggs »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2216
Re: win32:KillAV-PI false positive?
« Reply #3 on: September 30, 2013, 10:50:59 AM »
Hello,
how big is that file? Maybe there is a limit for file size in the chest, which can be modified.

Milos