Avast found infected file in sfzone!??

I’m pretty sure this has to be a FP. (or not)
Originally found by MBam and quarantined. I restored files today to see what would happen with the AIS v. 7 beta. Avast immediately identified as infected and sent to Virus Chest.
I am not sure at all what exactly these files have to do with SafeZone. :-
Anyone shed some light on these files and whether they are FP’s??
Screen Shots
Thanks. :slight_smile:

Anyone shed some light on these files and whether they are FP's??
start with checking the file(s) at virus total and post the scan links...

Thanks Pondus.
Mmm…Okay, figured it was a FP. I mean associated with safezone?? :-\

https://www.virustotal.com/file/37904fe07c700717f1c0353b01ad5bf53e47b7d83114346e01860c4f6d712a41/analysis/

I believe it is a false positive by MBAM as that is the location of the SafeZone/Sandbox Private storage, which is a protected/encrypted area to keep prying eyes out.

I don’t know how MBAM was able to detect it or what it though it was as you don’t give any information on the MBAM detection.

I don 't know if because of the restoration from MBAM quarantine didn’t trigger avast because of the insertion of encrypted files (essentially outside of the safezone/sandbox private storage) by another application. This however, is supposition on my part.

EDIT:
@ schmidthouse
That VT link is from an upload/scan 11 months ago, which is a bit weird.
Analysis date: 2011-03-18 09:30:29 UTC ( 11 months ago )

Thanks DavidR.

Quote: “don’t know how MBAM was able to detect it or what it though it was as you don’t give any information on the MBAM detection.”

Ya, I don’t know (remember) exactly as the MBam scan was some weeks ago.
Can I restore the files from the Avast Chest and run a quick scan? :slight_smile:

Edit: @DavidR: Yes quite wierd??

Yes, I hate mysteries too.

You don’t have to restore files from the avast chest to scan, just open the chest and right click on the file and select scan.

Yes, this is true. Scan still shows infected file.
I have submitted to avast from chest earlier.

I have to sign off but will re-investigate and if needed will add to this topic in a couple of days as I’m away. :-
Thanks guys. :wink:

You’re welcome.

For extra info You could attach the malwarebytes scan log from that day

I have been searching the forum history on this. Could this be somehow related? Re: forum.avast.com/index.php?topic=78188.0
Not MBAM there, but through SAS false positive,

polonus