Hi, I’m new here so I hope it’s okay to start a new topic about this.
My Avast ran its morning scan and it turned up two - Win32:JunkPoly-B [cryp]
One is:
AO194526.exe C:\System Volume Information_rest…
The second one is:
PPCInfo.exe C:\Program Files\Online Services\Peo…
I’m not too computer literate when it comes to all the fine details, but right now they’re in the virus chest. I did a Google search for these and could only find old information about them. Are these a false positive or is it something I should be worried about? I’m running Avast version 5.0.677 on Windows XP - service pack 2.
and in the System Volume Information under restore A0002824.exe and A0002825.exe
I have since deleted these files from the chest. In the past the Virut-C virus has been detected on this computer using Avast. All boot-scans and MBAM scans have been clean.
I am using XP on a Compaq PC. Should I be worried about a possible serious infection?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
########
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (a protected area) and investigate. There is little point in quickly deleting it from the chest.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Leaving it to sit there won’t help in resolving the problem, they need you to report it and send a sample for analysis. It never hurts to be pro-active and don’t rely on someone else who might also have had this alert checking it on virustotal and sending a sample. First you have to confirm that it isn’t a good detection as outlined in my last post (virustotal). If a false positive then you need to submit a sample to avast or they won’t know about it.
I just scanned the 2 problems that were placed in the vault and they both scanned saying ‘no virus’. Is it safe to assume they are false positives?
Sorry I didn’t do as you suggested, I get very paranoid about doing things I don’t quite understand. Should I send it to the virus lab to have them check it out?
You can send a file to avast by right clicking the file in the Chest and choosing “Submit to virus lab.” A short form will open where you can give information and then click on Submit.
If you have subsequently scanned them in the chest and no detection was made, then they were most likely false positive detections and can be restored. So the likelihood is someone else submitted them and the virus signature has been updated.
The one from the system restore area, AO194526.exe C:\System Volume Information_rest… you are unlikely to be able to return it back there, which is no problem as the only reason it was there is because the PPCInfo.exe C:\Program Files\Online Services\Peo… file was moved to the chest.
To restore the file from the chest, open the chest and right click on the file, select Restore. Confirm that the file is back in the original location and you can delete the one from the chest; a copy remains there just in case the restore happened to fail so you still have a copy.
Hi, I just finally got around to making sure the PPCInfo.exe~ C:\Program Files\Online Services\Peo… file was restored: it was, but like you said the A0194526.exe ~ C:\System Volume Information_rest… wasn’t found. Is it okay to delete that from the chest too since it was connected to the PPCInfo file?
Once again thanks for all your help. ;D I have recently installed Spyware Blaster to work with all my other protection programs so hopefully I won’t have any problems in the future.
Yes you can delete it from the chest, there really is no point in worrying about trying to replace old restore points, as a) it is a Windows protected area and avast is unlikely to be able to slot it back in and b) the only reason it was in the restore point is due to it being moved in the first place.