Author Topic: Virus found  (Read 16169 times)

0 Members and 1 Guest are viewing this topic.

Tipton

  • Guest
Virus found
« on: November 01, 2004, 06:07:22 PM »
Ok, I was trying various ad-blockers this morning, and ended up getting the virus shown in my screen shot. No big deal, I handled the situation by restoring from a clean image file from an external drive. My concern is the fact that I use Avast to right click and scan all exe files before running them. I downloaded two different ad-blockers, both with browser helpers(tool bars for control of the ad-blocker).  I ok'd these browser helpers through spyware guard. When I went to un-install one of the ad-blockers, my add/remove screen froze, so I started an Ad-Aware scan. Shortly into the Ad-Aware scan, Avast alerted me of the virus....I assume because the on access scanner was scanning the files Ad-Aware was scanning.  I had also downloaded a few firewall exe's from web-attack. I also scanned these files as well before running them. Nothing showed up as infected. Could I have possibly received this virus from the actual web page that I visited, to download one of the ad-blockers? And not from the actual exe file for the ad blocker? Or is maybe Avast seeing the browser helper for the ad-blocker as a virus?

Thanks

Tipton
« Last Edit: November 01, 2004, 06:09:46 PM by Tipton »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Virus found
« Reply #1 on: November 01, 2004, 06:11:46 PM »
As seen on http://www.avast.com/eng/viruses/vps_history.html, the detection of this particular malware was added very recently (October 27). So it's possible that at the time of download it was not being detected.
If at first you don't succeed, then skydiving's not for you.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus found
« Reply #2 on: November 01, 2004, 06:12:50 PM »
Installers (.exe) are normally packed.
Did you have archive scanning enabled while scanning the installers?
It could also be the installers where packed with a archiver that Avast can't handle (yet?)

Tipton

  • Guest
Re:Virus found
« Reply #3 on: November 01, 2004, 06:14:32 PM »
As seen on http://www.avast.com/eng/viruses/vps_history.html, the detection of this particular malware was added very recently (October 27). So it's possible that at the time of download it was not being detected.

Well, I downloaded the file today, about 45 minutes ago.

Tipton

Tipton

  • Guest
Re:Virus found
« Reply #4 on: November 01, 2004, 06:24:27 PM »
Installers (.exe) are normally packed.
Did you have archive scanning enabled while scanning the installers?
It could also be the installers where packed with a archiver that Avast can't handle (yet?)

I have scan within archives set during a manual full system scan. Where is the setting to make sure I am doing the same with a right click and scan on a single file?

Tipton

whocares

  • Guest
Re:Virus found
« Reply #5 on: November 01, 2004, 06:43:40 PM »
ArchiveScanning for RightClick-Scan (AshQuick) would be available in the PRO-version or
via a tweak found in the USER's FAQs:
http://forum.avast.com/index.php?board=9;action=display;threadid=4818;start=15
 ;)

Tipton

  • Guest
Re:Virus found
« Reply #6 on: November 01, 2004, 06:53:04 PM »
Ok, are you sure this is not a false positive of some sort? I just checked on my wifes PC, and she has the same virus, in the same folder. I also just checked after restoring from this image file, and the virus is still in there. I have a load of image files that I can keep going backwards through to see exactly when it was installed. Its in the "Webroot shared" folder. The only webroot software on my syatem and my wifes is Window washer 5. I find it odd that my wife would have the same virus on her system. I am willing to bet that the file flagged as a virus is installed with window washer. I can image back to before I installed window washer, and run a virus scan again. Then I can install window washer and see if the virus file returns. I just scanned the window washer exe file that I used to install....it came up clean!

Also I went to the webroot shared folder, and both files in that folder9including the one flagged as a virus) were created exactly the same day and time. The other file is for file shredding within the window washer program.

Tipton
« Last Edit: November 01, 2004, 06:57:57 PM by Tipton »

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re:Virus found
« Reply #7 on: November 01, 2004, 07:20:30 PM »
Have you checked it out using Jotti?

Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org if any other scanners here detect them it is less likely to be a false positive.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Tipton

  • Guest
Re:Virus found
« Reply #8 on: November 01, 2004, 07:22:04 PM »
Ok, I ran a full system scan, and Avast flags the virus for me. I then un-installed Window Washer, which removes the webroot shared folder where the so called virus is living. I then run another full system scan, and I come up clean. So, I then go back to my original Webroot Window washer exe,(Scanned with Avast, and clean) that I received from the official webroot website, and ran the install. Half way through, Avast alerts me that there is a virus on my system. This file is installed with the webroot software. I bet everyone running window washer five, has this file in that same folder.

Tipton

Tipton

  • Guest
Re:Virus found
« Reply #9 on: November 01, 2004, 07:23:51 PM »
Have you checked it out using Jotti?

Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org if any other scanners here detect them it is less likely to be a false positive.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.


Thanks David, I will scan with another AV! I will report back!

Tipton

Tipton

  • Guest
Re:Virus found
« Reply #10 on: November 01, 2004, 07:39:05 PM »
Ok, I am willing to bet this is a false positive. I just ran an online scan from Trend Micro house call. Came up clean.  I will try another free online scan.

David, your link takes me to their page, but it says the board is closed!

Tipton

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus found
« Reply #11 on: November 01, 2004, 07:41:42 PM »
Just submit the file to Jotti as has been suggested. That way you will get the result of several scanners in one go. ;)

Tipton

  • Guest
Re:Virus found
« Reply #12 on: November 01, 2004, 07:50:44 PM »
Just submit the file to Jotti as has been suggested. That way you will get the result of several scanners in one go. ;)



Heres another online scan from Panda.

Tipton
« Last Edit: November 01, 2004, 07:56:51 PM by Tipton »

Tipton

  • Guest
Re:Virus found
« Reply #13 on: November 01, 2004, 07:57:56 PM »
Ok, sorry about that, I got hooked up with jotti. I browsed to the file in question and had it scanned.  Came up clean. Whats weird is Avast is in that list of scanners!!

Tipton

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re:Virus found
« Reply #14 on: November 01, 2004, 08:02:22 PM »
Nothing weird as that's the Linux version which may have some differences. But it would still appear to be a false positive. Take the actions as previously suggested.

Now you have used the on-line panda scan, you may get other false positives due to the fact they don't encrypt their virus pattern files. If so check the location.
« Last Edit: November 01, 2004, 08:03:08 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security