Win32:Spambot-EI[Trj] in Quicken program folder: FP?

[Bolt]

Avast! identified the file, iBill.dll, located in the Quicken program folder (Quicken 2008) as infected by Spambot-EI[Trj] yesterday evening, using VPS 090805-1.  Virus Total indicates just Avast! and GData identify it as malware (see here: www.virustotal.com/analisis/15bcd684322594ab080e5a74eeeabe60c0e3520d9b05587062eee36bf33f364e-1249524385 ).

I moved the suspect file to the Chest, and it broke Quicken  :'( -- even restoring it from the Chest would not repair Quicken, so I had to do a re-install.

I also sent a copy of the suspect file to Avast! with a request that it be examined as a likely FP.

Has anyone else encountered this issue?  Any other thoughts?

[nmb]

Hello bolt,

nothing to worry. just do a manual update after you have clicked the send email icon (if you have sent using avast chest) so that the file reaches avast now!. and you don't have to wait longer for the fix. someone from the alwil team "may" post here regarding this. after the update is released you can scan the file in chest and if it is no more detected as a virus then you can safely restore it.

[douglas9]

Avast! identified the file, iBill.dll, located in the Quicken program folder (Quicken 2008) as infected by Spambot-EI[Trj] yesterday evening, using VPS 090805-1.  Virus Total indicates just Avast! and GData identify it as malware (see here: www.virustotal.com/analisis/15bcd684322594ab080e5a74eeeabe60c0e3520d9b05587062eee36bf33f364e-1249524385 ).

I moved the suspect file to the Chest, and it broke Quicken  :'( -- even restoring it from the Chest would not repair Quicken, so I had to do a re-install.

I also sent a copy of the suspect file to Avast! with a request that it be examined as a likely FP.

Has anyone else encountered this issue?  Any other thoughts?

Received the same trojan warning when scanning my PC this a.m. Had downloaded the latest Avast Program update prior to scan.

[DavidR]

If it is indeed a false positive, it seems this way according to the VirusTotal results, exclude them until the problem is corrected and submit the file to avast:

Add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions (right click the avast ' a ' icon) Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

[douglas9]

Restored the file from the infected file section of virus chest without problems. However the "copy" remained in the chest. How do i remove the "copy from the chest". Thanks.

[Lisandro]

Restored the file from the infected file section of virus chest without problems. However the "copy" remained in the chest. How do i remove the "copy from the chest". Thanks.

Right click it and choose "Delete".