Since todays virus database update I have started getting hits on a program that I have been using for almost 2yrs now. Now I get a warning that the program is infected with Win32:WOW-HN [Trj] (0). It apprears that macafee has also had this problem, see http://www.cosmosui.org/showthread.php?p=59711 and http://www.cosmosui.org/showthread.php?p=59711 postted by doncorneo.
Why did it start all the sudden even when the makers of the program have verified that there are no virus’s in the program?
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be carefull, you should ‘exclude’ that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.
Scan taken on 25 May 2007 20:03:49 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:WOW-HN
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-PSW.Win32.WOW.qt
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan-PSW.Win32.WOW.qt
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
and the totalvirus sacan results
File “Cosmos.exe.prepatch” received on 05.25.2007 at 22:12:20 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they’re generated.
Antivirus Version Update Result
AhnLab-V3 2007.5.24.0 05.25.2007 no virus found
AntiVir 7.4.0.27 05.25.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.25.2007 Win32:WOW-HN
AVG 7.5.0.467 05.25.2007 no virus found
BitDefender 7.2 05.25.2007 no virus found
CAT-QuickHeal 9.00 05.25.2007 no virus found
ClamAV devel-20070416 05.25.2007 no virus found
Aditional Information
File size: 188416 bytes
MD5: 07a75913ed8d3da40b2c7f6bb87e2bf1
SHA1: 8ffd0545eb070b855dcb5b532d0a9eb08e4c0756
I’ll believe on Kaspersky detection, mostly when F-Secure does the same. I’m glad avast detects this one 8)
But in this case, if the file is there for two years, is really strange…
The double extension could make the file suspicious but, after all, it’s hard to say.
You’ll need to wait some days and submit the file again to see what we really get from it.
I too would also treat it as suspect and not an FP when two other strong performers detect the same family name WOW. I would suggest waiting for the full results from VT as that uses the windows version of avast and others and there are more scanners 32 at last count. so you may find others on there.
I too would also treat it as suspect and not an FP when two other strong performers detect the same family name WOW. I would suggest waiting for the full results from VT as that uses the windows version of avast and others and there are more scanners 32 at last count. so you may find others on there.
[/quote]
After a long weekend… The results have come back from avast and it is indeed a false positive… Glad to know that this file is not a virus after 2 yrs.
Thanks to the Personnel at Avast!!