Author Topic: Virus found (Read 16159 times)

Tipton · « **on:** November 01, 2004, 06:07:22 PM »

Ok, I was trying various ad-blockers this morning, and ended up getting the virus shown in my screen shot. No big deal, I handled the situation by restoring from a clean image file from an external drive. My concern is the fact that I use Avast to right click and scan all exe files before running them. I downloaded two different ad-blockers, both with browser helpers(tool bars for control of the ad-blocker). I ok'd these browser helpers through spyware guard. When I went to un-install one of the ad-blockers, my add/remove screen froze, so I started an Ad-Aware scan. Shortly into the Ad-Aware scan, Avast alerted me of the virus....I assume because the on access scanner was scanning the files Ad-Aware was scanning. I had also downloaded a few firewall exe's from web-attack. I also scanned these files as well before running them. Nothing showed up as infected. Could I have possibly received this virus from the actual web page that I visited, to download one of the ad-blockers? And not from the actual exe file for the ad blocker? Or is maybe Avast seeing the browser helper for the ad-blocker as a virus?

Thanks

Tipton

Vlk · « **Reply #1 on:** November 01, 2004, 06:11:46 PM »

As seen on http://www.avast.com/eng/viruses/vps_history.html, the detection of this particular malware was added very recently (October 27). So it's possible that at the time of download it was not being detected.

Eddy · « **Reply #2 on:** November 01, 2004, 06:12:50 PM »

Installers (.exe) are normally packed.
Did you have archive scanning enabled while scanning the installers?
It could also be the installers where packed with a archiver that Avast can't handle (yet?)

Tipton · « **Reply #3 on:** November 01, 2004, 06:14:32 PM »

Quote from: Vlk on November 01, 2004, 06:11:46 PM

As seen on http://www.avast.com/eng/viruses/vps_history.html, the detection of this particular malware was added very recently (October 27). So it's possible that at the time of download it was not being detected.

Well, I downloaded the file today, about 45 minutes ago.

Tipton

Tipton · « **Reply #4 on:** November 01, 2004, 06:24:27 PM »

Quote from: Eddy on November 01, 2004, 06:12:50 PM

Installers (.exe) are normally packed.
Did you have archive scanning enabled while scanning the installers?
It could also be the installers where packed with a archiver that Avast can't handle (yet?)

I have scan within archives set during a manual full system scan. Where is the setting to make sure I am doing the same with a right click and scan on a single file?

Tipton

whocares · « **Reply #5 on:** November 01, 2004, 06:43:40 PM »

ArchiveScanning for RightClick-Scan (AshQuick) would be available in the PRO-version or
via a tweak found in the USER's FAQs:
http://forum.avast.com/index.php?board=9;action=display;threadid=4818;start=15

Tipton · « **Reply #6 on:** November 01, 2004, 06:53:04 PM »

Ok, are you sure this is not a false positive of some sort? I just checked on my wifes PC, and she has the same virus, in the same folder. I also just checked after restoring from this image file, and the virus is still in there. I have a load of image files that I can keep going backwards through to see exactly when it was installed. Its in the "Webroot shared" folder. The only webroot software on my syatem and my wifes is Window washer 5. I find it odd that my wife would have the same virus on her system. I am willing to bet that the file flagged as a virus is installed with window washer. I can image back to before I installed window washer, and run a virus scan again. Then I can install window washer and see if the virus file returns. I just scanned the window washer exe file that I used to install....it came up clean!

Also I went to the webroot shared folder, and both files in that folder9including the one flagged as a virus) were created exactly the same day and time. The other file is for file shredding within the window washer program.

Tipton

DavidR · « **Reply #7 on:** November 01, 2004, 07:20:30 PM »

Have you checked it out using Jotti?

Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org if any other scanners here detect them it is less likely to be a false positive.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Tipton · « **Reply #8 on:** November 01, 2004, 07:22:04 PM »

Ok, I ran a full system scan, and Avast flags the virus for me. I then un-installed Window Washer, which removes the webroot shared folder where the so called virus is living. I then run another full system scan, and I come up clean. So, I then go back to my original Webroot Window washer exe,(Scanned with Avast, and clean) that I received from the official webroot website, and ran the install. Half way through, Avast alerts me that there is a virus on my system. This file is installed with the webroot software. I bet everyone running window washer five, has this file in that same folder.

Tipton

Tipton · « **Reply #9 on:** November 01, 2004, 07:23:51 PM »

Quote from: DavidR on November 01, 2004, 07:20:30 PM

Have you checked it out using Jotti?

Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org if any other scanners here detect them it is less likely to be a false positive.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Thanks David, I will scan with another AV! I will report back!

Tipton

Tipton · « **Reply #10 on:** November 01, 2004, 07:39:05 PM »

Ok, I am willing to bet this is a false positive. I just ran an online scan from Trend Micro house call. Came up clean. I will try another free online scan.

David, your link takes me to their page, but it says the board is closed!

Tipton

Eddy · « **Reply #11 on:** November 01, 2004, 07:41:42 PM »

Just submit the file to Jotti as has been suggested. That way you will get the result of several scanners in one go.

Tipton · « **Reply #12 on:** November 01, 2004, 07:50:44 PM »

Quote from: Eddy on November 01, 2004, 07:41:42 PM

Just submit the file to Jotti as has been suggested. That way you will get the result of several scanners in one go.

Heres another online scan from Panda.

Tipton

Tipton · « **Reply #13 on:** November 01, 2004, 07:57:56 PM »

Ok, sorry about that, I got hooked up with jotti. I browsed to the file in question and had it scanned. Came up clean. Whats weird is Avast is in that list of scanners!!

Tipton

DavidR · « **Reply #14 on:** November 01, 2004, 08:02:22 PM »

Nothing weird as that's the Linux version which may have some differences. But it would still appear to be a false positive. Take the actions as previously suggested.

Now you have used the on-line panda scan, you may get other false positives due to the fact they don't encrypt their virus pattern files. If so check the location.

Author Topic: Virus found (Read 16159 times)

Tipton

Virus found

Vlk

Re:Virus found

Eddy

Re:Virus found

Tipton

Re:Virus found

Tipton

Re:Virus found

whocares

Re:Virus found

Tipton

Re:Virus found

DavidR

Re:Virus found

Tipton

Re:Virus found

Tipton

Re:Virus found

Tipton

Re:Virus found

Eddy

Re:Virus found

Tipton

Re:Virus found

Tipton

Re:Virus found

DavidR

Re:Virus found