Author Topic: A false positive?  (Read 5352 times)

anabasi

  • Guest
A false positive?
« on: October 02, 2006, 08:03:23 AM »
Hello!

Yesterday I downloaded (from a CD purchased with a magazine) the file ubcd34-basic.iso; this is the ISO file of "Ultimate Boot", which everyone can download from http://www.ultimatebootcd.com/
A scan with Avast! (VPS 0639-4 29/09/2006) found in that file the Virus/Worm "VBS: Davinia", but a scan with AVG Free (working on another PC) did not find anything: probably it is a false positive.

How could I communicate this to Avast?

(I don't know Avast's correct account e-mail, and the file size (140 MB) is too heavy for my 56K internet connection)

anabasi

  • Guest
Re: A false positive?
« Reply #1 on: October 02, 2006, 08:18:53 AM »
Searching the Avast web site, I found this page: http://www.avast.com/eng/how-to-contact-alwil-software.html with the information I need. :-[ :-[
The correct e-mail is virus@avast.com


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89186
  • No support PMs thanks
Re: A false positive?
« Reply #2 on: October 02, 2006, 03:26:17 PM »
The problem is there are a number of tools in the ultimateboot iso that can be used for good as well as evil and the problem for an AV is deciding intent.
You can pause standard shield and extract the file that is being detected (IsoBuster) and check that.
avast can scan ISO images; some other AVs can't unpack the .iso image, so they aren't able to do a deep scan. I don't know if this is the case with AVG.

What is the file name that is causing the alert? Check the avast Log Viewer, warning section.

Assuming you can extract the file causing the alert, check that and send it zipped and password protected to the email you found. I have the UB CD and I think I had this issue with one of the CMOS tools, but knowing what the UB CD is about and the reason you have it, after analysis you decide what you want to do.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

anabasi

  • Guest
Re: A false positive?
« Reply #3 on: October 05, 2006, 08:16:54 AM »
DavidR

Thanks for your instructions and the links you posted.

The Avast report says:
Sign of "VBS:Davinia" has been found in "....\ubcd34-basic.iso\IMAGES\SGD.ISO\boot\sdg\S10en\S30_specialboot\S30hide_and_seek\cd\hd0\part2\menu.lst" file.

I am not able to extract the file causing the alert (I can't burn the ISO file now); however, on 2nd October I sent the information to virus@avast.com

Thanks for the help.

Offline DavidR

Re: A false positive?
« Reply #4 on: October 05, 2006, 02:00:20 PM »
If the reason you can't burn the CD is the avast alert, then pause the standard shield provider.

Or is it that you haven't got a program that can extract the files? What CD burning software do you have?
Some can burn a CD from an iso image and that would give access to the file.

This Google search returns many hits: http://www.google.co.uk/search?q=extract+file+from+.iso+file.

http://www.freedownloadscenter.com/Best/add-file-to-iso.html
However, much of the software isn't free, but they may give a trial period, the meaning of shareware (try, and buy if you like it).
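
The extraction step discussed in the replies above, as an added example that is not part of the original thread and is not avast or UBCD code: a minimal Python reader that pulls one file out of nested ISO 9660 images without burning a disc, following a scanner-style path like the one quoted in Reply #3. The names `read_file` and `extract_nested` are chosen here, and the reader assumes plain ISO 9660 names from the primary volume descriptor (no Joliet or Rock Ridge long names).

```python
# Added example: function names and the PVD-only name handling are assumptions.
import struct
SECTOR = 2048  # ISO 9660 logical sector size

def _entries(img, lba, size):
    """Yield (name, is_dir, lba, size) for each record in one directory extent."""
    data, pos = img[lba * SECTOR: lba * SECTOR + size], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:  # zero padding: records never cross a sector boundary
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        if rec_len < 34 or len(rec) < rec_len or 33 + rec[32] > rec_len:
            raise ValueError("malformed directory record")
        ext_lba, ext_size = struct.unpack_from("<I4xI", rec, 2)  # little-endian copies
        name = rec[33:33 + rec[32]]
        if name not in (b"\x00", b"\x01"):  # skip the "." and ".." entries
            text = name.decode("ascii", "replace").split(";")[0].rstrip(".")
            yield text.upper(), bool(rec[25] & 0x02), ext_lba, ext_size
        pos += rec_len

def read_file(img, path):
    """Return the bytes of `path` inside the ISO 9660 image held in `img`."""
    pvd = img[16 * SECTOR: 17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor")
    # The root directory record sits at offset 156 of the descriptor.
    (lba, size), is_dir = struct.unpack_from("<I4xI", pvd, 158), True
    for part in path.replace("\\", "/").strip("/").split("/"):
        if not is_dir:
            raise NotADirectoryError(part)
        for name, is_dir, lba, size in _entries(img, lba, size):
            if name == part.upper():
                break
        else:
            raise FileNotFoundError(part)
    data = img[lba * SECTOR: lba * SECTOR + size]
    if is_dir or len(data) != size:
        raise ValueError("not a complete file: " + path)
    return data

def extract_nested(img, scanner_path):
    """Follow a scanner-style path, descending into each nested .iso on the way."""
    pending = []
    for part in scanner_path.replace("\\", "/").strip("/").split("/"):
        pending.append(part)
        if part.lower().endswith(".iso"):
            img, pending = read_file(img, "/".join(pending)), []
    return read_file(img, "/".join(pending)) if pending else img
```

The returned bytes can be written to disk, zipped with a password and sent for analysis as the replies describe, or hashed with `hashlib.sha256` for a multi-engine lookup.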

anabasi

  • Guest
Re: A false positive?
« Reply #5 on: October 08, 2006, 08:09:08 AM »
I usually work with BHA "B's Recorder Gold7" (the burning software which I got when buying the CD/DVD burner).
Friends told me to use BurnCDCC 2.00 to burn a CD from an ISO image; it is free and works well.

Quote from: the web site
This utility is used to burn an ISO file to a CD/DVD/BD disc. Many new systems come with a limited CD/DVD software package which lacks the ability to burn .ISO files.

Thanks for your help.
« Last Edit: October 08, 2006, 08:17:54 AM by anabasi »

Offline DavidR

Re: A false positive?
« Reply #6 on: October 08, 2006, 03:19:44 PM »
No problem, a belated welcome to the forums.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: A false positive?
« Reply #7 on: October 08, 2006, 09:22:56 PM »
I've just downloaded Ultimate Boot CD (Basic) 3.4 and nothing was found with the last VPS  ::) ???
The best things in life are free.