Yay what a lovely day today. I sleep in a little too long. I’m going to the hospital soon and now I think I’m being attacked by a computer virus.
OS: Windows Vista SP1 Home Premium
So I was browsing for e-cards when the screen went blank for a second. So I opened my firewall and I notice a the system wants to access the internet. I never saw this before so I opened Avast! and did a memory scan. Nothing. So I went and opened Spybot. I decided to try the COMODO Firewall Pro scanner. So I let it scan and when I came back it says 6 viruses. Anti-INE.10.asprotect and a few random numbers.
The files are all involving EXPaudioeditor a program I use
C:/Windows/System32/EXPaudioeditor.dll
and a few other closely named objects.
I used Virus total and scanned one of them: Here is the results.
@ Tech
If you read what you quoted and the rest of the topic it isn’t a false positive but something which is undetected by avast.
The possible false positive is with Spybot S&D as when the file was uploaded to VT only two AVs detected anything and they were both Suspicious, so could well be heuristic detections that could be false detections.
So @ alexthegreat this would appear to be an FP by Spybot S&D so should be reported to them, how I don’t know I no longer use the program…
alex: the file was detected with a paranoic heuristics (based on the packer used)… have you tried to google for the file name? or do you know which software this library belongs to?
Scanning Log
NOD32 version 3030 (20080416) NT
Command line: /list+ /quit+ /arch+ /sfx+ /pack+ /adware /unsafe /unwanted /log+ /logrewrite /scanmem- /scanboot- /scanmbr- /log=output.tmp expaudioeditor.exe
Checking CRC of NOD32.EXE: Status OK
c:\Program Files\ESET\nod32.exe - is OK
Scanning memory: Not performed (option disabled)
Scanning MBR and boot sectors: Not performed (option disabled)
Date: 16.4.2008 Time: 12:54:14
Anti-Stealth technology is enabled.
Scanned disks, folders and files: expaudioeditor.exe
expaudioeditor.exe - is OK
Number of scanned files: 1
Number of threats found: 0
Time of completion: 12:54:14 Total scanning time: 0 sec (00:00:00)
2008-03-16 12:54:15 Scan_Objects$305729 starting 1%
; — Settings —
; Action on detect: Disinfect automatically
; Scan objects: All objects
; Use iChecker: No
; Use iSwift: No
; Try disinfect: No
; Try delete: No
; Try delete container: No
; Exclude by mask: No
; Include by mask: No
; Objects to scan:
; “expaudioeditor.exe” Enable=Yes Recursive=No
; ------------------
2008-03-16 12:54:15 expaudioeditor.exe archive Astrum
2008-03-16 12:54:15 expaudioeditor.exe//data0001 archive GZIP
2008-03-16 12:54:15 Scan_Objects$305729 running 50%
2008-03-16 12:54:15 expaudioeditor.exe//data0001//expaudioeditor ok
2008-03-16 12:54:15 expaudioeditor.exe//data0001 ok
2008-03-16 12:54:15 expaudioeditor.exe ok
2008-03-16 12:54:15 Scan_Objects$305729 completed
; — Statistics —
; Time Start: 2008-03-16 12:54:15
; Time Finish: 2008-03-16 12:54:15
; Completion: 99%
; Processed objects: 3
; Total detected: 0
; Detected exact: 0
; Suspicions: 0
; Treats detected: 0
; Untreated: 0
; Disinfected: 0
; Quarantined: 0
; Deleted: 0
; Skipped: 0
; Archived: 2
; Packed: 0
; Password protected: 0
; Corrupted: 0
; Errors: 0
; Last object: expaudioeditor.exe//data0001//expaudioeditor
; ------------------
Enhancing the probability of a False Positive, as I see it,