System found Win32:VB-EIX [Trj] in file Utility.dll, as the system log recorded: "2007-7-13 12:35:04 SYSTEM 1432 Sign of “Win32:VB-EIX [Trj]” has been found in “E:\游戏\QQGAME\common\Utility.dll” file. "
And QQ is a very popular instant messenger software in China; QQ Game is an additional game service provided by Tencent company. I downloaded it from the official website. After the latest update of avast, that file is reported as infected, and the whole program cannot run. Is there any mistake or virus? Would you please provide further information on this? Thank you!
PS: Due to the limitation on attachments, I cannot post the file here.
Thanx for the English explanation. There seem to be quite many people reporting a similar problem. Hopefully, this thread will help.
[Edit]Deleted session ID following the advice of DavidR below. How careless of me and thanx, David.
I suggest you edit your link, as it contains your Session Id, to this: http://forum.avast.com/index.php?topic=29316.0 (I edited the quoted link).
We were warned by one of the Moderators to be careful when posting links as they can contain a session Id.
Thank you all, and I’ve found a way to let avast bypass that file, but I am still worried about that virus issue… If there is a real threat, it may lead to a hard situation for Tencent company, and the users, who are more important.
I assume you mean you have excluded it from scans, but you can confirm the detection.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.
If avast is the only one to detect this then you need to send the sample to avast for analysis and correction of the VPS.
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location.
Here is the scan result from
http://www.virustotal.com
File Utility.dll received on 07.15.2007 13:08:18 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.14.0 2007.07.14 no virus found
AntiVir 7.4.0.39 2007.07.13 no virus found
Authentium 4.93.8 2007.07.13 no virus found
Avast 4.7.997.0 2007.07.13 Win32:VB-EIX
AVG 7.5.0.476 2007.07.14 no virus found
BitDefender 7.2 2007.07.15 no virus found
CAT-QuickHeal 9.00 2007.07.14 no virus found
ClamAV devel-20070416 2007.07.15 no virus found
DrWeb 4.33 2007.07.15 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3784 2007.07.14 no virus found
Ewido 4.0 2007.07.14 no virus found
FileAdvisor 1 2007.07.15 no virus found
Fortinet 2.91.0.0 2007.07.14 no virus found
F-Prot 4.3.2.48 2007.07.13 no virus found
Ikarus T3.1.1.8 2007.07.15 no virus found
Kaspersky 4.0.2.24 2007.07.15 no virus found
McAfee 5074 2007.07.13 no virus found
Microsoft 1.2704 2007.07.15 no virus found
NOD32v2 2399 2007.07.14 no virus found
Norman 5.80.02 2007.07.13 no virus found
Panda 9.0.0.4 2007.07.14 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.14 no virus found
Symantec 10 2007.07.15 no virus found
TheHacker 6.1.6.146 2007.07.13 no virus found
VBA32 3.12.0.2 2007.07.14 no virus found
VirusBuster 4.3.23:9 2007.07.14 no virus found
Webwasher-Gateway 6.0.1 2007.07.15 no virus found
Aditional information
File size: 122436 bytes
MD5: e40412bf6ffd776c3f355070d0cd8ba5
SHA1: b7040543ed3b0bbcacdb2a03ce0b26e65c907eab
I hope that will help
I think that is fairly conclusive; send the sample to avast (as in my last post) and add the file to the exclusions.
Add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location. Periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location.
When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
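An added example, not part of the thread: a small parser for the multi-engine report format posted above, applying the rule of thumb given in the replies (a detection by a single engine is a candidate false positive to submit to that vendor). The rows are a subset copied from the report in this thread; the function names, the verdict wording and the `max_age_days` staleness cut-off are assumptions made for this example. It also lists engines whose "no virus found" rests on signatures older than the cut-off, since a clean verdict from stale signatures carries less weight.

```python
import re
from datetime import date

# Rows copied from the VirusTotal report posted in this thread (subset).
REPORT = """\
Avast 4.7.997.0 2007.07.13 Win32:VB-EIX
AVG 7.5.0.476 2007.07.14 no virus found
ClamAV devel-20070416 2007.07.15 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
Kaspersky 4.0.2.24 2007.07.15 no virus found
Sophos 4.19.0 2007.07.06 no virus found
VirusBuster 4.3.23:9 2007.07.14 no virus found
"""

# engine, version, last update (YYYY.MM.DD), result text
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(.+)$")

def parse_report(text):
    """Return one dict per engine row; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, version, y, mo, d, result = m.groups()
            rows.append({"engine": engine, "version": version,
                         "updated": date(int(y), int(mo), int(d)),
                         "detected": result.strip().lower() != "no virus found",
                         "result": result.strip()})
    return rows

def triage(rows, scanned, max_age_days=3):
    """Summarise a report. max_age_days is an assumed staleness cut-off."""
    hits = [r["engine"] for r in rows if r["detected"]]
    # Clean verdicts backed by old signatures are weaker evidence.
    stale = [r["engine"] for r in rows
             if not r["detected"] and (scanned - r["updated"]).days > max_age_days]
    if not hits:
        verdict = "no detection"
    elif len(hits) == 1:
        verdict = "single-engine detection: submit sample to vendor as possible false positive"
    else:
        verdict = "multiple detections: treat as malicious"
    return {"hits": hits, "stale_clean": stale, "verdict": verdict}

if __name__ == "__main__":
    print(triage(parse_report(REPORT), scanned=date(2007, 7, 15)))
```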