« previous next »
Pages: [1]   Go Down

Author Topic: addc.htm worm ?  (Read 2624 times)

0 Members and 1 Guest are viewing this topic.

OMR

  • Guest
addc.htm worm ?
« on: March 27, 2006, 12:11:14 AM »
Hi All – Nice board here !

Running Avast! Home 4.6 on an old computer with Win98.
Ran a scan last night using all the latest auto up-dates. Have the Resident Protection set high, and scan my HD with Avast set to ‘Thorough Scan’ and Scan Archive Files checked. Otherwise, everything is set to the default mode.

Found an infected file: addc.htm
C:\program files\netscape\communicator\netcast\addc.htm – VBS: malware – worm, file was dated 10/21/97. I put it the chest, and everything is fine.

I went to Avast Home, and found no reference to it. I then did a Google search, and the only reference  was that it appears to be part of the Netscape, Netcast code.
Just did a search here and found no reference….

What the heck is this thing ?

Sorry if that’s a dumb question, and this is too long ! I’m kind of an older guy, new to all these security programs… there’s so any of them, and so much to learn !

Thank You

Btw – Please don’t give me a hard time about the Win98 machine, have a nice new machine ready to go on-line… it’s just not going to until I get it ‘locked down’ as best I can.  ;) :)


Edit: Sorry, looks like I put this on the wrong board.
« Last Edit: March 27, 2006, 12:18:02 AM by OMR »
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89124
  • No support PMs thanks
Re: addc.htm worm ?
« Reply #1 on: March 27, 2006, 01:03:46 AM »
I would say this may be a false positive detection if you have had this file 'addc.htm' on your system for a long time (this is a very old file) after a VPS update it could be detected. Check it out at Jotti, see below to confirm.

Check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out/restore. You may also need to pause the standard shield as it will probably alarm again.
Or VirusTotal - Multi engine on-line virus scanner

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

OMR

  • Guest
Re: addc.htm worm ?
« Reply #2 on: March 27, 2006, 01:42:28 AM »
Thanks you for the advise.
It must be an old Netscape file. As said, it's dated '97, I purchased this computer brand new in '99 and down loaded whatever Netscape was current at that time.
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89124
  • No support PMs thanks
Re: addc.htm worm ?
« Reply #3 on: March 27, 2006, 02:00:21 AM »
Let us know how you get on at Jotti, if a false positive sending it to avast helps other users as the VPS will be corrected.

Welcome to the forums.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

OMR

  • Guest
Re: addc.htm worm ?
« Reply #4 on: March 27, 2006, 04:04:43 AM »
OK - Here is what Jotti gave me:

File: addc.htm
Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 18c95267f8500e87a925907f1aa8df2a
Packers detected: -

Note that only Avast found it.

Same results from VirusTotal.

I'm putting it back in the chest for now, much rather have a false positive than no detection at all  :)

Can I use Avast's built-in reporting to send this to them ?
Sorry - I'm dumb, and don't how to do the zip file  :-[ :-[
But would like to send it to them... helping out it what this community is about right (?)

Thanks
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89124
  • No support PMs thanks
Re: addc.htm worm ?
« Reply #5 on: March 27, 2006, 03:30:41 PM »
Basically this confirms what I thought a false positive detection.

You need to open the virus chest, Infected Files section, right click on the file and select 'email to Alwil Software.' A pop-up will give you the opportunity to give some additional information. Probably the most important info is to state it is a False Positive detection, a brief outline of the problem and possibly a link to this thread.

The method of sending the email 'IMAP' is already set, there is another option SMTP don't change the default setting.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »