Author Topic: Win32:Trojan-gen.(UPX!)-false positive?  (Read 2720 times)

lethedoom

  • Guest
Win32:Trojan-gen.(UPX!)-false positive?
« on: January 15, 2006, 05:26:23 PM »


avast! version 4.6 Home Edition
eMachines T3302
AMD Sempron Processor 3300+
512 MB RAM


Immediate predecessor version of virus database arrived 12 hours earlier: Scan revealed no infection.

Current version of virus database: 0603-0, 01/15/06. Two scans found two different locations of what it deems the same trojan.
I have put them in the chest, but if they are false positives I am compromising my system recovery capacity.

D drive is partitioned for System Restore. This is a 2 week old PC with WinXP Home SP2 with all Windows XP patches installed.

scan 1 at medium:

avast found Win32:Trojan-gen.(UPX!)

D:\i386\Apps\App20464\imgvemver1.6.exe

scan 2 at high:

avast found Win32:Trojan-gen (UPX!)
D:\System Volume Information\_restore(F854E3DB-F751-4BE4-A620-64F2CA1BFB5F)\RP45\A0009159.exe

scan 3 with avast quick scanner (D Drive only) for time saving: no problem found

scan 4 at medium: no problem found.

I suspect these are false positives, but I will leave them in the chest until that is assured.
One reason is that successive scans found the trojan in different places: the location specified
in the second scan was not identified as a problem by the first scan. I had moved the first
identified file into the chest before running the subsequent scan. A second is that the avast
standard and web shields were running while I was online and didn't report these trojans incoming.
I assume that if a scan shows them the shields would catch them too. Is that incorrect?
 
Please tell me the best way to proceed without forfeiting the possibility of restoring my D Drive
System Restore files if they are not truly malware.

I extracted the two files to a desktop folder, scanned them, and when avast found the same infection put them in the chest too.
I used the e-mail option in the chest, but Outlook Express refused to send the virus files to avast. How do I process them
to allow the e-mail program to transmit them to avast for verification?

Similar occurrence reported in 2004 at http://forum.avast.com/index.php?topic=4991.msg36196

igor

  • Avast team
Re: Win32:Trojan-gen.(UPX!)-false positive?
« Reply #1 on: January 15, 2006, 05:43:56 PM »
Can you please submit the file imgvemver1.6.exe for analysis? You can send it directly from Chest (add some comment about the possible false positive, please), or pack it with ZIP or RAR, protect it with a password and e-mail it to virus@avast.com.
Thanks.

lethedoom

  • Guest
Re: Win32:Trojan-gen.(UPX!)-false positive?
« Reply #2 on: January 15, 2006, 06:03:10 PM »
Requested e-mail sent. Thanks for your help.