my platform

** Avast home edition.
** windows 2000
** totalcmd
** a virus avast can recognise – I have put the virus I used in

http://hsiang.liu.googlepages.com/200648124359805.rar

. Indeed, it is not a vius. It’s only a passwd revealer. many antivus product would not consider it as a virus. you can test it on www.virustotal.com.

Description

Avast does’t block the copy action when I copy the infected .exe file from the archive 200648124359805.rar in totalcmd ( explorer will be the same too, I believe). No matter whatever action you selected when avast prompts you.
This situation will only happen after my windows 2000 OS wakes up from hibernation.

PS:

on My another windows XP system, avast behaves normally and does not present the problem mentioned above.

Solution

I have removed avast using the official remove utility:aswclear.exe and reinstalled it. Things seem go well now.

The .rar archive seems clean with Dr.Web.
But, please, do not post a ‘live’ link to a possible infected file here. Can’t you edit the link?

avast does not block it but does avast detect it?
Which is your sensibility level? High or Normal on Standard Shield?

avast detected it! and then avast prompted me to take a furthur action such as delete , move it into chest… but whatever actions i take, the pspv.exe was still copied to another place succefully from the archive file.

the keypoint is hibernation!! I have mentioned “This situation will only happen after my windows 2000 OS wakes up from hibernation.”

the link file is a old version nirsoft’s product. see http://www.nirsoft.net/utils/pspv.html. Anyhow, we should not run it. For test, we only need drag/copy it.

If you insist, I will remove the link here. but I hope it can be preserved for some days.

I keep avast default settings without touch. So, It should be standard shield.

You don’t have to remove the link, that wasn’t what Tech said, the key is ‘Live link’ you can break the link so it can’t be accidentally clicked by the inexperienced or curious but able to be cut, pasted, edited and downloaded, or using the code tag which doesn’t make it live/active, etc.

http://hsiang.liu.googlepages.com/200648124359805.rar

http : // hsiang.liu.googlepages.com/200648124359805.rar
Neither of which are active links but those who need to check will be able to cope. You could also have sent the file to virus @ avast.com

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Thank you for your explanation about live link. I have modified it.

PS: I am not seeking a false virus report. Plz read my topic again.

My mistake, I thought because of your reference to VirusTotal not detecting it as a virus this is what you were also concerned about.