Author Topic: Win32:Searches-E (Read 5673 times)

befo · « **on:** November 30, 2008, 02:41:31 PM »

Hello,

I registered to the forum, because I can't find any information about a virus (trojan), my virus scanner Avast 4 found just this morning. The name is "Win32:Searches-E [trj]".
A rather old .exe-file (from 2003) in the programs directory was infected ("LiveMusic.exe"), as well as (the correspondend?) Windows restore file in the System Volume Information directory.

Does anybody have a clue?

Regards
befo

FreewheelinFrank · « **Reply #1 on:** November 30, 2008, 03:00:15 PM »

Extract the file from the Chest to the desktop and upload to VirusTotal for analysis. (You'll need to temporarily disable avast! while doing this.)

Bababooey2 · « **Reply #2 on:** November 30, 2008, 06:51:06 PM »

Avast also detected one program of mine with this virus. I scanned it online using http://virusscan.jotti.org/ and only Avast and G Data found the virus. Is it possible that it's a false positive? I could not find any method to clean the infected file. Thank you for any help.

DavidR · « **Reply #3 on:** November 30, 2008, 08:16:58 PM »

Highly possible as GData uses avast as one of its two scanners.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

However, I would suggest you upload it to VirusTotal - Multi engine on-line virus scanner (36) and report the findings here the URL in the Address bar of the VT results page.

mcgrailka · « **Reply #4 on:** November 30, 2008, 10:11:52 PM »

Hi, i've just had the same reading from my scanner about a file that was fine, and it now reads Win32:Searches-E

http://www.virustotal.com/analisis/520fe1108aee075a448152b00a28578e

that's my virus total scan results. hopefully you'll be able to help me.

polonus · « **Reply #5 on:** November 30, 2008, 10:15:11 PM »

Hi mcgrailka,

Well I think this to be a false positive of sorts. Forward the file to avast, and hopefully a new update no longer flags it,

polonus

mcgrailka · « **Reply #6 on:** November 30, 2008, 11:18:53 PM »

hi polonus,
thanks for the quick response, i will forward it on to them.

Cheers,
Karel

kubecj · « **Reply #7 on:** December 01, 2008, 12:30:08 AM »

FP, should be fixed in the latest vps. Sorry for any inconvenience.

befo · « **Reply #8 on:** December 01, 2008, 09:14:42 PM »

Thanks to all participants who joined in producing a satisfying answer to my problem - much faster than I was able to react.

befo

DavidR · « **Reply #9 on:** December 01, 2008, 11:09:37 PM »

Welcome to the forums.
This is not unusual for the avast forums