Today Avast found a Win32:Agent-DPZ virus on my computer. I moved the file into the container. What else should I do? Might it have been a false alert? Help welcome!
You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
What is the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
You could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner and note the results here,
or at Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
Thank you DavidR.
I did a full scan in the meantime and the same Virus was also found in an older Systembackup File.
The online scanner is great, but I had to turn off my realtime access protection service to be able to upload it. See list below. If it is not a false alert, avast is the best scanner of all. The suspicious program is a part of my DVD player Power DVD and if it is a real virus I have to fear that one of my DVDs is infected. I purchased some DVDs from China recently. Is there any tool to check a DVD completely (including boot time programs i.e.)?
Complete scanning result of “TrialMgr.exe”, received in VirusTotal at 12.18.2006, 02:50:18 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 Win32:Agent-DPZ
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.17.2006 no virus found
DrWeb 4.33 12.17.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.87 12.16.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.17.2006 no virus found
Fortinet 2.82.0.0 12.17.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.26 12.17.2006 no virus found
Kaspersky 4.0.2.24 12.18.2006 no virus found
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.17.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.17.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.133 12.16.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 no virus found
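The cross-check discussed in this thread, as an added example that is not part of any forum post: a small Python parser for a pasted multi-engine report that counts how many engines flag the file and which signature sets were old at scan time. The `stale_days` threshold and the verdict wording are assumptions; the sample rows are a subset of the report above.

```python
import re
from datetime import date

# Subset of the report posted above, including its header line.
REPORT = """\
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 Win32:Agent-DPZ
Kaspersky 4.0.2.24 12.18.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
"""

# engine, version, update date (MM.DD.YYYY), then the result text
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2})\.(\d{2})\.(\d{4})\s+(.+?)\s*$")
CLEAN = "no virus found"

def parse_report(text):
    """Return one dict per engine row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, mm, dd, yyyy, result = m.groups()
        rows.append({"engine": engine, "version": version,
                     "updated": date(int(yyyy), int(mm), int(dd)),
                     "detection": None if result.lower() == CLEAN else result})
    return rows

def triage(rows, scanned_on, stale_days=14):
    """Summarise engine agreement; stale_days is an assumed threshold."""
    hits = {r["engine"]: r["detection"] for r in rows if r["detection"]}
    stale = [r["engine"] for r in rows
             if (scanned_on - r["updated"]).days > stale_days]
    if not hits:
        verdict = "no engine detects it"
    elif len(hits) == 1:
        verdict = "single-engine detection: possible false positive, report to vendor"
    else:
        verdict = "multiple engines agree: less likely a false positive"
    return {"engines": len(rows), "hits": hits, "stale": stale, "verdict": verdict}

if __name__ == "__main__":
    print(triage(parse_report(REPORT), scanned_on=date(2006, 12, 18)))
```

A clean result from an engine listed under `stale` carries less weight than one from an engine updated on the day of the scan.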
Most probably it’s a false positive…
I think testing all the media will test the boot programs also…
It would appear to be a false positive.
For now, add it to the exclusion lists.
Send a copy of the file to virus@avast.com, zip it and include the password in the body of the e-mail, along with a link to this post and why you think it may be a false positive.
Check the file after each vps update to see if it has been added to avast!
More info on dealing with false positives
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
I found this trojan this morning too. It’s in C:\Program Files\CyberLink\PowerDVD\Trial. I downloaded this free CyberLink DVD program because the offer was bundled with a Creative SoundBlaster sound card which I recently bought, and I needed an MPEG-2 decoder otherwise Windows Media Player would not transfer my music to my mp3 player. I’m relatively new to all this so I guess it could be a false positive. Could this trojan have come with the download or did it just happen to infect this file? Because if it came with Cyberlink’s software then Creative and Cyberlink will be getting some feedback from me!
Do the same checks to confirm a good detection (or otherwise) as above and send to avast also as outlined above if an FP.
Today I tested it again in the chest. AVAST does now say it’s no virus. So it was definitely a false positive, but the latest virus definition table has fixed that. Good work!
Many thanks to all repliers!
Glad we could help, you can restore it from the chest to its original location and remove the exclusions (if you haven’t already done so).
Geez, it seems that this was also found on my CD installer of Power DVD 6 OEM after a full format of my system, restore to new and reinstalling programs. When going to install Power DVD 6.0 OEM, which came with one of my Sony DVDs for the computer, it comes on with the warning. I sent the report to the Avast team and yet this has not been resolved. I had this same DVD software running and working just fine before the updates and new install. Now I can no longer use the Power DVD 6.0 OEM that came with the system. Now what, other than WMP11 or Nero, neither of which does DTS very well, nor DD 5.1? This is really disturbing, since this was working before an Avast update.
Is your VPS up to date? The latest is 0662-1 for today.
You don’t say what the file name was, is it the same as that reported above “TrialMgr.exe” ?
Otherwise you should create a new topic.
If it was previously working and undetected, it could be a bad detection, but you shouldn’t worry. After confirming the detection using VirusTotal and Jotti above, if avast is the only one, you can assume it is a false positive and add the file and location to the exclusions as mentioned above.