False alarm fixed?!?

Hello again!

So, made a post earlier like many others about the Win32:Trojan-gen. {Other} virus that semmed to affect many Avast users (if not all of them), well i just got a new update from Avast and the “virus” seems completely gone.

Is there a simple explanation to what went wrong with the latest update since it seemed that it was the cause of this problem?

(That really got me to sweat btw since it just wouldn´t go away)

Thanks again all for fast reply and an outstanding product!!

Forgot to ask: Why is it that most people, including myself, had this problem appaear in the WinRar folder?

Well, generally speaking, a bad detection (signature) of the rar packed files could be the problem. They should change the virus signature do not think a clean file is infected… ::slight_smile:

I too experienced several Trojan-Gen false alarms and now have three files in the virus chest: mpr 16.dll, msupdate.exe, and powerprof.exe. I was wondering what, if anything, I should do with the files.

I have Windows XP Home edition. I’m not sure what other info would be relevant.

In addition to avast! 4 Home, I use Spysweeper, Spybot and Ad Aware. I also installed Trojan Hunter before I knew that the alarms were false. It has been well-reviewed and seems to be a useful compliment to avast! so I’ll keep it.

This is the first time I’ve had occasion to use this forum. After reading several of Artras’ admonitions to add to an existing thread, I hope I found the right one. :wink:

Thanks

Wellcome :wink:
Generally, it’s just wait some days and, after you are sure the files are not necessary and then delete them. They won’t harm or escape from the Chest. Keep cool :wink:

Old Runner, I wouldn’t say that these were false alarms. I recommend rescanning the files with the latest virus database.

Ok, I scanned the files and got this result. Now what?

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: mpr16.dll
FileID: 19
Virus Description: Win32:Trojan-gen. {Other}[/left][/left]None of the spyware or anti trojan software thinks there’s a probelm.

Old Runner, did you follow Vlk?
For on-line scanning, see http://www.security-ops.tk/ :wink:

Old Runner
See the following URL for info and instructions. Looks like you hooked a good one.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SLOWFLODR.A&VSect=T

I used Trend Micro’s online scanner yesterday evening and it came up with three positives in my Sun Java Cache. I’m not home and forgot to write down the names of the viruses, but I think they may have been of the type described on the Trend Micro Web site:

[*]COUNT.CLASS – this loader class is the one responsible for opening the exploit that allows the Java VM access to the system registry.

[*]DUMMY.CLASS – this class contains a dummy class named URLClassLoader.

[*]NOCHEAT.CLASS – this is the main class component of the Trojan. It can execute several commands when used with the following parameters

I still have the two of the three in the avast! chest and could post the names later if anyone is interested. avast! did not detect the third.

Neither avast! nor Trend found VBS_SLOWFLODR.A, so if I had it I may have gotten rid of it as I was flailing around with various AVs.

Thanks for the advice.

Hi,

if you still got the files, please send any virus-files not detected by uptodate avast to:

virus (at) avast.com

:wink: