Yesterday I downloaded (from a CD purchased with a magazine) the file ubcd34-basic.iso ; this is the ISO file of “Ultimate Boot”, which everyone can download from http://www.ultimatebootcd.com/
A scan with Avast! (VPS 0639-4 29/09/2006) found in that file the Virus/Worm “VBS: Davinia” , but a scan with AVG Free (working on another pc) did not find anything: probably it is a false positive.
How could I communicate this to Avast?
(I don’t know the correct Avast’s account e-mail, and the size file (140 MB) is too heavy for my 56K internet connection)
The problem is there are a number of tools in the ultimateboot iso that can be used for good as well as evil and the problem for an AV is deciding intent.
You can pause standard shield and extract the file that is being detected (iso buster) and check that.
avast can scan iso images some other AVs can’t unpack the .iso image so aren’t able to do a deep scan, I don’t know if this is the case with AVG.
What is the file name that is causing the alert, check the avast Log Viewer, warning section.
Assuming you can extract the file causing the alert and check that and send zipped and password protected to the email you found. I have UB CD and had this with one of the cmos tools I think had this issue but, knowing what the UB CD is about and the reason you have it after analysis you decide what you want to do.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
Thanks for your instructions and the links you posted.
The report of Avast tells:
Sign of “VBS:Davinia” has been found in “…\ubcd34-basic.iso\IMAGES\SGD.ISO\boot\sdg\S10en\S30_specialboot\S30hide_and_seek\cd\hd0\part2\menu.lst” file.
I am not able to extract the file causing the alert (I can’t now burn the ISO file); hovewer, on 2nd October I sent the informations to virus@avast.com
If the reason you can’t burn the CD is avast alert then pause the standard shield provider.
Or that you haven’t got a program that can extract the files, what CD Burning software do you have ?
Some can burn a CD from an iso image and that would give access to the file.
I usually work with BHA “B’s Recorder Gold7” (the burning software which I got buying the CD/DVD burner).
Friends told me to use BurnCDCC 2.00 to burn a CD from an ISO image; it is free and works well.
This utility is used to burn an ISO file to a CD/DVD/BD disc. Many new systems come with a limited CD/DVD software package which lacks the ability to burn .ISO files.