Author Topic: Virus on a Virtual Machine file  (Read 4723 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Virus on a Virtual Machine file
« on: October 29, 2007, 11:41:41 PM »
I use Avast on my Vista 32bit PC. I created a Win XP Virtual Machine with VMware 6.0.2 anche Avast found Suela-1042 worm into the file Windows XP Professional-000001-s001.vmdk. I can't understand if it's true or false: before i formatted my PC last time I had another XP Virtual Machine (same installation CD but prvious build of VMware) and Avast found a worm also into that VM!

Can anybody help me?

Thanks a lot,
P@olo.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Virus on a Virtual Machine file
« Reply #1 on: October 30, 2007, 01:20:54 AM »
Most probably a false positive.
It won't harm if you set *.vmdk into avast Exclusion lists by the way. You can remove this setting after the false positive is corrected. I suppose the file is too big to be sent by email to virus (at) avast.com or sent by the ftp upload server.
The best things in life are free.

REDACTED

  • Guest
Re: Virus on a Virtual Machine file
« Reply #2 on: October 30, 2007, 07:32:37 AM »
Yes, the file is very big, approximatively 913Mb! You write that the false positive will be corrected: do you thing Avast Team will create any patch for this problem?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Virus on a Virtual Machine file
« Reply #3 on: October 30, 2007, 12:08:51 PM »
Do you thing Avast Team will create any patch for this problem?
There is no need for a patch, specifically.
Just the virus database should be corrected. Try to update your avast and see if it is still detecting it as a virus...
The best things in life are free.

Offline chocholo

  • Poster
  • *
  • Posts: 645
  • BSC, GSC, MCP
    • Avast
Re: Virus on a Virtual Machine file
« Reply #4 on: October 30, 2007, 01:40:22 PM »
I would recommend installation of the avast! into the virtual machine and set exception for vmdk files. As vmdk is compressed image of physical disk with filesystem, there may be some strings similar to the Suela-1042 worm. I think this cannot be threaten as false positive that can be fixed as those strings in the vmdk files may come up randomly.

REDACTED

  • Guest
Re: Virus on a Virtual Machine file
« Reply #5 on: October 30, 2007, 05:01:48 PM »
I will install Avast also into Virtual Machine: can I use the same License Key that I use in Host machine? Or can I request a new key with the same email address?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Virus on a Virtual Machine file
« Reply #6 on: October 30, 2007, 05:43:03 PM »
can I use the same License Key that I use in Host machine?
Yes.
The best things in life are free.

REDACTED

  • Guest
Re: Virus on a Virtual Machine file
« Reply #7 on: October 30, 2007, 11:27:51 PM »
I installed Avast! into the Virtual Machine and made a complete scan! No viruses were found. I updated definition and program into the Host machine and i checked the vmdk file: it was still recognized as an infected file. I haven't still set *.vmdk into avast Exclusion lists: if i will do, how can I understand when the false positive will be corrected?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89615
  • No support PMs thanks
Re: Virus on a Virtual Machine file
« Reply #8 on: October 31, 2007, 12:32:59 AM »
I don't think that this will be corrected because of what chocholo said in his post, reply #3 as the nature of the VM image file these strings could come up randomly. So it may be that you have to permanently exclude *.vmdk files types.

In order for what is likely to be a false positive avast would have to get a sample to analyse and as you say it is very large at 913MB.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Virus on a Virtual Machine file
« Reply #9 on: October 31, 2007, 12:39:17 PM »
If i will do, how can I understand when the false positive will be corrected?
They won't... the exclusion list is safe for this extension (vmdk). I have done this...
The best things in life are free.