Author Topic: Trojan Horse found in Microsoft Office files?  (Read 4328 times)

0 Members and 1 Guest are viewing this topic.

user1234

  • Guest
Trojan Horse found in Microsoft Office files?
« on: October 13, 2007, 07:33:39 PM »
I just downloaded Microsoft Office Ultimate 2007 for students from http://www.theultimatesteal.com ... a legitimate site from Microsoft.

Avast says there is a Trojan Horse for the file C:\Program Files\Microsoft Office\Office12\GrooveFetchServices.dll

Malware name: Win32:BZub-IG [trj]

VPS version: 000781-0, 10/13/2007

Is this really a Trojan Horse?? Or does Avast just think this it is?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88173
  • No support PMs thanks
Re: Trojan Horse found in Microsoft Office files?
« Reply #1 on: October 13, 2007, 08:02:53 PM »
Well the theultimatesteal.com doesn't seem to be registered to Microsoft (Just selling MS software) and the domain name wouldn't fill me with confidence, but that is likely to be me the trusting sod (NOT) ;D

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: Trojan Horse found in Microsoft Office files?
« Reply #2 on: October 14, 2007, 12:38:11 AM »
This false positive has been fixed in VPS version 000781-1.

Thank you

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67199
Re: Trojan Horse found in Microsoft Office files?
« Reply #3 on: October 14, 2007, 12:51:06 AM »
This false positive has been fixed in VPS version 000781-1.
Wow... they're fast to correct false positives (as usual) 8)
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88173
  • No support PMs thanks
Re: Trojan Horse found in Microsoft Office files?
« Reply #4 on: October 14, 2007, 01:10:57 AM »
This false positive has been fixed in VPS version 000781-1.

Thank you

Thanks for the update.

Welcome to the forums, J Sejtko of the Alwil virus analysts team.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Rafel

  • Guest
Re: Trojan Horse found in Microsoft Office files?
« Reply #5 on: October 14, 2007, 03:57:16 AM »
VIP's about virus are coming here :D