Does this really have a virus?

I use AVAST Home.
I need a piece of software, a Chinese IME. The software is freeware; I have used it for several years, and many other people use it too.
Now it’s upgraded to v9.3. When I download it from:
http://okuc .net/s oftware/SunWb.exe
AVAST reports that the software contains a virus named Win32:Agent-CTN [Trj].
I searched the software’s forum; only AVAST reports that this contains a virus, the other anti-virus software doesn’t report it (like Kaspersky, Norton, etc.).

I want to know, does the software REALLY contain the virus?
Thanks!

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.

Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

I couldn’t scan it with Dr. Web…

Error

Can`t fetch file pointed by your url. This may be caused by several reasons:

* Remote file is not available (not found, requires authentication, permission denied)
* Remote site is down, or very slow, or busy
* No network connectivity between Dr.Web online server and remote web-site

But follow David’s instructions to be sure it’s not a false positive.

I got the same 404 error when I tried to scan with DrWeb, perhaps the file has been removed ???

I’ll test it.

Below is the result; only avast reports a virus…

Result 2…

I uploaded this file to:
(OK, link deleted; if someone needs it, please tell me)
Can you test it for me?
Or is this AVAST’s error?

Please, edit the link. Although the file seems a false positive, avast users can accidentally click the link and think they get infected. Thanks.

Seems an avast error (false positive).

Can ALWIL correct this error? I want to use AVAST and this file too.

Please modify your link so that it isn’t clickable to avoid possible accidental exposure to a suspect file, example www . dongzheng.com.cn /temp / sunwb.exe, if you can do the same for the first post also. Though DrWeb link checker doesn’t find anything.

You should send the sample to avast, though this might be difficult as it is 5536.9KB.
Is this the installation file ?
If so scan the installed programs folders, thorough, with archives enabled, to see if you can find the file that is truly detected. Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections, that may show the full path and not the .

I would have thought that it was a file that is inside the sunwb.exe file since it is a packed executable, it also uses two packing methods which I think is strange. avast has very good abilities with unpacking files with more unpacker support than many AV, so I don’t know if that might be why avast can see something.

Send the sample to virus@avast.com zipped and password protected with password in email body and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

You can exclude it from scans as I said before this will stop it being detected, but you have to send a sample for them to analyse, Tech and I are just avast users like yourself.

As a workaround, like David posted before, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

David, I made a test and scanned the installation folder and avast found nothing, but it found the virus in the installation file only, not in the folder.

That is fine so it should require and exclusions to run the application.
This may just be caused by a file used in the process of installation or because of the two compression methods used. In any case if possible submit the file to avast.

You may want to copy the installation file to a CD, etc. so it isn’t on your system, then there is no need to exclude it from scans and would allow for checking in the future.

I sent the file and it was fixed with update VPS 000753-0, 07/1.

Glad your problem was solved… not that bad for a false positive correction, don’t you think?

Yes, I wish they were this fast for new virus updates of user submissions.

Me too :cry:

It’s OK now, thanks a lot!

Thanks for the feedback.