Move to chest

[KevinB12]

What is a false positive?

I am not sure what you are saying in your last post.  I plan to remove avast until I can do further reading on the avast AV program.  Is it okay to remove avast even though there are two files in the chest?

Where can i go to get info/instructions on avast?

[DavidR]

It seems a reasonable detection, however, I would still send it to avast for further analysis, as there are effectively 2 detections the avast and gdata being one (as gdata uses avast as one of its two scanners), the other three with identical signatures, Trojan.Small.jhy.5632, seems like too much of a coincidence.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

[DavidR]

What is a false positive?

The detection of a good file as infected.

Also see this link, http://virscan.org/report/6c52f3ddd1f55f973b4c399305be92fb.html and http://www.virustotal.com/sl/analisis/0228a2b2b4db39ef17e9a68a0d32361e, was the file TrueProcess.exe, you never did confirm the actual file name ?

If so there is more of a possibility it could be an FP.

I am not sure what you are saying in your last post.  I plan to remove avast until I can do further reading on the avast AV program.  Is it okay to remove avast even though there are two files in the chest?

Remove avast and the files in the chest would be removed also, so you would have to extract them whist any investigation you carry out, but I wouldn't recommend placing them in the original location in case they are infected.

Where can i go to get info/instructions on avast?

The best place is here, reading the various sticky topics (at the top of the forums) and from the avast help file, which would also be gone if you removed avast. The best place to learn is by practical use of avast and asking questions in the forums (one of the most responsive forums I have come across). I would suggest keeping avast and uninstalling McAfee.

[Lisandro]

Is it okay to remove avast even though there are two files in the chest?

Extract the files to a safe folder. They will be gone when you uninstall avast (unrecoverable).

Edited: sorry, I've missed that David had already answered this 

[KevinB12]

I have gone with your advice and I uninstalled McAfee.  Is the firewall provided in the Windows Security Center sufficient or do I need to download the McAfee firewall?

Is there anything I need to do with the system restore file in the chest?  In an earlier post you said to ignore, but I am not sure what that means.

I am trying to get the infected file to Alwill.  It is not in the User Files.  If I select File and then Add, it comes up with a lot of Avast files.  Do I need to go to the actual location on my C drive and select it?

Last question, is it okay to run Ad-aware, spybot, superantispayware and malwarebytes every so often?

Thanks

[DavidR]

By default the Vista firewall doesn't have outbound protection enabled, when enabled it is rule based and you have to create the rules not particularly friendly. However, there is a tool to help with that, Vista Firewall Control, check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0.

[KevinB12]

I have Windows XP, not Vista, so does that make a difference?

[DavidR]

A big one the XP firewall has no outbound protection at all (not just disabled as with vista).

So You need a firewall that provides outbound protection, there are many free firewalls, however if you are comfortable with McAfee you could do a custom install of your McAfee suite and only enable the firewall, that way you wouldn't have to buy the McAfee firewall.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

[KevinB12]

Thanks.

Can you answer the question on the infected file and the other scanners?

[DavidR]

1. any file detected by avast and sent to the chest would be in the Infected Files section.

2. When you add a file to the User Files section, on clicking add you get a windows explorer style window, it just happens to open in the avast4 folder. Navigate in the same way you would using explorer to the folder that the file you want to add to the chest is located, select the file and click OK, etc. that adds it to the User Files section.

3. Periodically scan your system with the other anti-spyware applications (weekly, fortnightly, etc.) I do a weekly system maintenance and that is when I do on-demand scans with avast, SAS and MBAM. Prior to doing any scan ensure you update those programs.

I wouldn't give the time of day to AdAware it has really gone downhill from its prime, Spybot S&D I feel is not as good as SAS or MBAM but much better than AdAware. However I believe you can get too much of a good thing and you would spend all your time keeping your security applications up to date and running scans to get any browsing done

You will see what is in my signature, avast, SAS (Pro paid), MBAM and for me that is enough.

That's me for the night, 2:30a.m. here.

[KevinB12]

I tried to run the MaCafee firewall only and it asked that avast be removed before continuing.

I reviewed the forum and it appears comodo is a good option for a firewaill, however it comes with any anitvirus program.

Any other recommendations?

[YoKenny]

KevinB12, how do you connect to the Internet?

The use of an eternal hardware router with a firewall is much better.

Watch the 10 minute video:
http://www.besttechie.net/2008/08/20/malwarebytes-developer-interview

Part 2 is also good.

[KevinB12]

My cable comes in thru a cable company generic modem thru my wireless router to my computer.  I am reading that Dlink, the wireless router does have a firewall, but you may need to enable it.  I need to do more investigation.

In the meantime, I have done so much reading on firewalls that I am more confused.  Question, is Online Armor free compatiable with avast free?  That appears to be the one with the least issues.

[KevinB12]

I am still in the process of trying to send my suspect file to Alwil to review.  I can't locate the file to add it to User Files section.  Am I taking it from the C:\windows or the new suspect folder I set up?  I can't locate the actual file in either location.

Thanks.

[DavidR]

Didn't you send it to the chest when it was first detected (if I remember the early part of this topic) in which case it will be in the Infected Files section of the chest, so there would be no need to add it to the user files section of the chest, you can send it to avast from the infected file section of the chest.