Avast and Virus Total

One of my machines picked up a ThinkPoint infection, which shows up as c:\Documents and Settings\[User Name]\Application Data\hotfix.exe. Uploading that file to Virus Total confirms the infection, and according to Virus Total, both Avast 4.8.1351.0 and Avast5 5.0.677.0 with today’s update (2010.11.29) identify the infection:
http://www.virustotal.com/file-scan/report.html?id=805d0a72469e85fb2575ec1c3fc9568886281166e59627c6de01f481c2b0a327-1291065709

However, when I scan the same file on a different Windows machine with Avast5 5.0.677 and today’s definitions (101129-1), it reports nothing found.

Furthermore, when I scan it under Linux, using Avast v1.3.0 with today’s definitions (101129-1), it also reports nothing found.

Why does Virus Total’s Avast 5.0.677.0 work better than mine?

Strange indeed.
Is PUP scanning allowed? Archive files?
Does scanning with the Windows Explorer context scanner give the same results?

Scanning from Windows Explorer does give a positive.
Opening the user interface and using ‘Scan computer’/‘select folder to scan’ yields no infected files, though the number and size of the tested files in the log matches the successful scan.

Creating a custom scan and enabling ‘test whole files’ yields a positive. Thanks for the hint on PUPs–it got me to look in the right place!

On Linux, the -c or --testfull option is necessary. Now that scanner works, which is important–I like to scan my Windows disks from Linux. (Usually I make a backup disk image over the network using dd and then mount and scan that, but I also have a USB flash memory with a Fedora image with persistent storage that I can boot from and then run avast.)

A big “thank you” for your help. I just needed a hint of which direction to look.

Steve

Hello,
this has nothing to do with PUPs – they are not in v4.8 and on VT it is detected, so it is not a PUP. I don’t know why VT does not show the part of the detection name with “”.

Milos