False Positive I believe

I just reformatted my PC, however not with the usual install CDs - my computer contains a restore drive that holds all the files from when my computer was factory brand new, and whenever I need it to, it can delete everything on my hard disk and replace it with those files.

Anyway, I just did a scan with Avast, and it found the following as a “trojan horse”… but the file it found is a virus definition from another factory-installed antivirus??

False positive?

http://i96.photobucket.com/albums/l163/InferNi/trojan2.jpg

Did you post your file on VirusTotal:
http://www.virustotal.com/
and see the results there from other AV products?

And just to be sure:
run Malwarebytes (quick scan) and post the log here please :wink:
http://www.malwarebytes.org/mbam-download.php (it’s the free version and it’s supposedly good at detecting stuff that other software doesn’t…)

I think it’s a false positive anyway at 99.9%, but run MBAM just to confirm.
So, if it’s really an FP, you can send it to virus@avast.com (that will help improve the database). Put the file in a password-protected zip file (give the password in the mail and say you think it’s an FP).

Alright, I uploaded it to VirusTotal, and 3/41 of the virus scanners picked it up as a virus.

Working on the MB scan now

Could you also post the link to the VirusTotal results so we can see exactly what it says… thanks.

http://www.virustotal.com/analisis/bba8e66472477476004b0a825fb0b3abf9ec45c9862050ebf26a0aac03062d74-1253877036

Malwarebytes’ Anti-Malware 1.41
Database version: 3044
Windows 5.1.2600 Service Pack 2

10/27/2009 5:21:47 PM
mbam-log-2009-10-27 (17-21-47).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 135397
Time elapsed: 21 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

…only 3 positives on VirusTotal; I need others here to confirm, but for me it’s an FP.
OK, waiting for the MBAM results… :wink:

OK, thanks for going through the MBAM test; it’s almost like the ultimate confirmation that it’s an FP. Still, feel free to upload the file to avast as I said to tell them, so they update their next virus definition database.
Other more experienced members might come to this thread to comment if needed :wink:

Hi infernal535 & Logos,

Actually it is two, because a-squared uses the Ikarus scanner, which then leaves avast as the second to flag it.

It is more likely to be an FP if you did not experience any of the symptoms of a Win32 SD bot infection as given here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Sdbot

polonus

OK, thanks Polonus for the info about a-squared using the Ikarus engine, I didn’t know.

Hmm, I haven’t had any of those issues, but then again it has only been about an hour since I reformatted.

I had to restore the file to its regular place in order to scan it again and such, and then I entered my password somewhere, should I be worried for whatever reason?

@infernal535: don’t know what I was thinking :slight_smile: Your FP is on a Symantec virus definition folder. Why are you running two AVs at the same time? This is not recommended at all!!! (I suppose you have Norton installed by the OEM.)

Ah, it’s the factory-installed one :smiley: It expired and isn’t in use anymore.

^^^^^

Hmm, I haven’t had any of those issues, but then again it has only been about an hour since I reformatted.

I had to restore the file to its regular place in order to scan it again and such, and then I entered my password somewhere, should I be worried for whatever reason?

No, you shouldn’t be worried, it was an FP. But please, expired or not, get rid of Norton :wink: What’s this story about a password? Why did you have to enter one, and what for?

Oh, it’s just that in order to upload the file to VirusTotal, I had to first take the file out of quarantine. Then I logged into some website. For a moment there I thought that if it had not been a false positive, it could have stolen my password?

No no, don’t worry about that :wink: