I downloaded some software from someone who was doing everyone a favour. But Avast flagged up a Trojan. I have a video showing how it all unfolded. That’s the screencast link. But you see below the owner reckons that my settings are too high. What do you think? The quote is my email to the owner of the said software.
My AV says there's a trojan in the software. I'll have a video for you to share. You'll hear me mumbling in the background, but it's because it is late.
Here’s the link and I’ll have to go. Speak to you soon.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
I went to Virustotal and got this result - I’ve created a video to show the owner. http://screencast.com/t/nkrjSZz7c I can’t say I want to use it again. Is there a way to stop the trojan operating? I noticed on the interface of Avast it said that saying no, the virus wouldn’t be activated.
If the trojan does bypass an AV scanner, how could you root it out?
I know video might be nice but on dial-up I won’t be viewing it, I tried but it takes too long, a simple image or copy and paste of the text results would have been fine.
I did see that only 3 (only saw avast and esafe on the initial image before I quit) out of the 32 scanners thought it infected, so I would say the jury is still out.
No finger pointing is necessary as I said the jury is out because I don’t think the VirusTotal result is conclusive (the little bit I saw before aborting the video). But without publishing the results (which doesn’t identify the application if you don’t post that) on the forum we can’t say for sure.
Three scanners detect something. Avast-Win32:Bifrose-AGY, esafe-suspicious trojan/worm and ikarus-virus.win32.bifrose.agy
Like you said, nothing definite.
@Hackbridge
You should submit the sample to avast for further analysis. Send it in a password protected zipped email to virus at avast.com. Include in the body of the email the vps, password, and a brief description of the situation. You may also want to include a link to this thread.
Saying that “Your AV settings are too high” is really a non-answer, at least with avast.
To me the statement seems predicated on the assumption that heuristics are in use. Setting heuristic sensitivity too high can lead to false positives for AVs that use it, but avast! does not use heuristics in its standard shield. Instead, setting the standard shield sensitivity to “high” in avast! simply means more files will be scanned, not that they will be scanned in a different way.
This neither confirms nor denies the presence of a trojan but I would question such a dismissive answer.