Avast identifies Wallpaper as Virus?

Suddenly Avast identifies my wallpaper files as viruses. They are BMP files. How could this be? It said it contained SillyCE-Comp-102 virus and Irus-463 virus. I have searched Google for both and it comes up empty. I’m hesitant to run an online virus scanner because from then on Avast reports the scanning software it installs as a virus.

testy
Welcome to the forum.
Did you have the same .bmp files on your system yesterday?

Yes, I have had them for years. I didn’t think it was possible for a virus to be in a bitmap file.

testy

Yes, I have had them for years. I didn't think it was possible for a virus to be in a bitmap file.
I didn't either. I know there was an update this morning. That's why I asked if these are new files. I think this is prob. a false positive. I'm sure Alwil will get to the bottom of it quickly. They always do.

In fact, I had just updated before I ran the scan tonight.

I’m curious, which online scanner are you using when you get this reaction? I use Trend Housecall myself, and that plus several others are “regulars” among avast users, and I never heard of this problem before.

Don’t forget to pause your Standard shield before running the online scan, and to resume it afterwards.

Make sure they aren't something like wallpaper.bmp.vbs or picture.jpg.exe or something like that. I am sure there are worms out there that parse your pictures folder and generate code based on their filenames.
If they truly are BMPs or any other image format, they will not be a virus and they are a false positive.
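An added example, not part of any post in this thread: one way to check a wallpaper file for the double-extension trick mentioned above and to confirm that a file named .bmp actually starts with a BMP header. The function names and the sample data are hypothetical and constructed for illustration.

```python
import struct
from pathlib import PurePath

IMAGE_EXTS = {".bmp", ".jpg", ".jpeg", ".gif", ".png"}
SCRIPT_EXTS = {".exe", ".vbs", ".bat", ".com", ".scr", ".pif", ".js"}
# Sizes of the known DIB headers (BITMAPCOREHEADER through BITMAPV5HEADER).
DIB_SIZES = {12, 40, 52, 56, 64, 108, 124}

def has_double_extension(name):
    """True for names like wallpaper.bmp.vbs (image extension before an executable one)."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS
            and suffixes[-2] in IMAGE_EXTS)

def looks_like_bmp(data):
    """Check the 14-byte BITMAPFILEHEADER and the DIB header size that follows it."""
    if len(data) < 18 or data[:2] != b"BM":
        return False
    # Offset 10: start of pixel data; offset 14: size of the DIB header.
    pixel_offset, dib_size = struct.unpack_from("<II", data, 10)
    return dib_size in DIB_SIZES and 14 + dib_size <= pixel_offset <= len(data)

def triage(name, data):
    """Compare what the file name claims with what the first bytes say."""
    if has_double_extension(name):
        return "double extension"
    if PurePath(name).suffix.lower() == ".bmp" and not looks_like_bmp(data):
        return "not a BMP by content"
    return "consistent"

def sample_bmp():
    """Constructed sample: a minimal 1x1, 24-bit BMP (58 bytes)."""
    pixels = b"\x00\x00\xff\x00"  # one BGR pixel plus one padding byte
    info = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    size = 14 + len(info) + len(pixels)
    return b"BM" + struct.pack("<IHHI", size, 0, 0, 14 + len(info)) + info + pixels

if __name__ == "__main__":
    # Constructed inputs: a real BMP, a script posing as one, a renamed executable.
    cases = [("wallpaper.bmp", sample_bmp()),
             ("wallpaper.bmp.vbs", b"MsgBox 1"),
             ("wallpaper.bmp", b"MZ" + b"\x00" * 64)]
    for name, data in cases:
        print(name, "->", triage(name, data))
```

A "consistent" result only means the name and the header agree; it says nothing about why the scanner flagged the file, so a suspected false alarm still goes to the vendor's virus lab.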

Testy, these signatures are ancient and there’s practically no chance they’d change… Anyway, if you think it’s a false alarm, please zip up the files and send them to the virus lab at virus@avast.com.

Thanks
Vlk

I remember that the Mosquito script virus showed a picture when it was run as a .bmp and that when run as a .bat it really became active and overwrote several image types with itself. Could something like this be the case here?

Yes, this is still from May 18th, 2004, but read it anyway…

Topic name: Beware! BMP files may contain a new virus

http://msmvps.com/donna/archive/2004/05/18/6637.aspx

Cheers !

Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and 5.5 which allows malicious code to be launched on victim machines via modified BMP files. This vulnerability is a direct result of the Windows source code leak and was first detected on February 16, 2004.

February 2004!!! That is NOT new.
IE 5 and 5.5: patches for that have been out for a long time already.

Vlk, which level of sensitivity is necessary for on-access extension recognition?
Won’t ‘Normal’ test the extensions?

In the help files there is little information:
Standard Shield checks the programs you start and the files you access. It will not allow an infected program to be started - so, the virus code cannot be activated.

Normal. Default setting.
High. In addition to the default setting, created and modified files will be scanned as well.

For on-demand it is clearer:

Quick Scan. Only the possibly dangerous files are scanned, according to their extension. It means that the files with extensions EXE, SCR, COM, DOC, etc. are scanned. Within the file, avast! looks only for those viruses that infect the corresponding type of file. It means that macroviruses are not searched for in EXE files etc.
Standard Scan. Only the possibly dangerous files are scanned, according to their content. The file extension is ignored. Again, only the viruses corresponding to the particular file type are searched for.
Thorough Scan. All files are tested, against all viruses.