Avast popped up saying a suspicious file has been detected & so I ran a scan and then looked at the RealTime Shield. When i clicked on Shield Log, it said the virus was found here:
C:\ Program Files (x86) \ TOSHIBA Games \ Chuzzle Deluxe \ Chuzzle Deluxe-WT.exe|>[Emul]
It said that the action was to delete it and then under result, it said “Error: The process cannot access the file because it is being used by another process (32)”
C:\ Program Files (x86) \ TOSHIBA Games \ Chuzzle Deluxe \ Chuzzle Deluxe-WT.exe
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
The detections you found may not work in the same way on VT, hence no detections at all even from avast.
The [Emul] emulation and [Susp] suspicious, detection types are heuristic, behavioural based detections and I don’t know if VT can do those tests or not, in any case toy should submit to avast for analysis as a possible false positive.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.
Just so you know, after I posted the link to virus total, I scanned with Avast again, but using the scan folder feature and scanned that exact folder. When the scan was done, it said a threat was detected and then it showed me the results and I was able to move it to the virus chest then. Did that help my problem? Because I ran the scan again on the folder and then it said no threat was found.
After I moved it to the virus chest, I was away from my computer for a while and when I came back, it had restarted. Then a window popped up saying Windows recovered from an unexpected shutdown. Did this have anything to do with the supposed virus?
Also, just so you know, I have experienced an internet explorer pop up every once and a while about some survey, and when i searched about the survey online, others said that that was adware. Did that have anything to do with this virus?
Sorry for all of the questions, I’m just a bit confused.
And also, when I sent it to the virus lab, nothing happened. I right clicked on the file in the virus chest, clicked submit to virus lab, and nothing happened. No windows popped up or anything. Should anything happen?
Have it analysed and if found to be a false positive, the signature can be updated so it isn’t detected. This then helps all avast users that might have this installed.
I don’t believe this is directly connected to this detection.
Without more detailed info on the Explorer pop-up we can’t really say (screenshot of the pop-up window). If you aren’t using a pop-up/ad blocker in IE you should consider it.
Well MBAM (even the Pro version) shouldn’t get in the way as I don’t have any issue with it.
The windows firewall (shouldn’t be an issue, the XP one has Zero outbound checking and the Vista, win7 firewalls have outbound protection, but it is disabled by default.
You didn’t answer the question about other AVs on this system ???
Try a repair of avast:
XP - Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.
Vista, win7 - Control Panel, Programs & Features, uninstall a program, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.
OK, lets make sure that you are proceeding correctly first:
You open the chest, the file needs to be in the chest (you mentioned you couldn’t delete it before) so did you actually send it to the chest instead of deleting it ?
If sent to the chest, you need to be right clicking on the file in the chest and select ‘Submit to virus lab…’ is that what you did ?
