I have a problem with this little piece of malware. At least once a day, Avast reports that c:\Documents and Settings\All Users\Documents\GameSetup.exe is infected with Win32:Agent-ITS. These reports always happen in pairs with about 10-30 seconds between the two.
I tried a maximally thorough scan with the latest virus definitions and also tried to fix it with SDfix, but it didn’t help.
What are you doing when the alert happens, as surely unless you are using the game than that file would be dormant so not detected ?
Is it always this file and location that are detected ?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
I don’t remember installing a game with anything called GameSetup.exe. It’s usually just setup.exe. I always delete this file so I guess that some kind of malware that is not detected by Avast is periodically creating this file that is detected as a trojan. I always choose to delete this file and it is absolutely always created in the same directory.
Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.