avast reports that my notepad.exe is infected by Win32:Qqpass-DY [Trj]
so i moved it to the virus container and extracted it from my windows cd.
avast reports infection again.
so i scanned NOTEPAD.EX_ from the windows cd and avast told me its inflected too
cant be true right?
its A Windows XP Sp2 Home Edition, German CD
i Am using Avast 4.7 Home with VPS from 26.10.2006
A quick look on the forum under the recent posts would help you find your answerâŠâ[avast! 4.x Home/Pro] Re: Virus alert after last update ???â
Iâll let you find it yourself if you havenât already.
hi
notepad.exe does indeed trigger a false positive, and this started today.
if you deleted the files it said were infectedâŠ
then run SFC /scannow (or you used the XP automatic systemfile replacement warning popup that gets triggered when you delete this)
then this will again trigger the false positive soon as notepad is extracted from the CDROM.
I took the Trojan warnings serious and moved the âinfectedâ files to the container (âchestâ). This happened during a scan that was launched outside Windows XP. After having finished the scan Windows started automatically.
I read in the forum about the false alarm and started to restore the notepad.exe files as soon I had installed the update mentioned above.
Unfortunately it took me some time to find ashChest.exe in my D:\Programs\Alwil ⊠folder. I found no link to it: neither in the Start/Programs/avast ⊠menu nor with the avast tray icons.
I wonder if I had made an installation mistake (maybe choosing Volume D for the installation) or if everyone faces this difficulty.
Last: Even after I had restored all the notepad.exe files, I could not start notepad.exe the usual way via the Start menu, because the link %Systemroot%\system32\notepad.exe had been replaced by C:\windows\system32\actmovie.exe .
The Chest is supposed to be accessed by clicking the Chest icon in the Simple User Interface, for example.
Most likely a feature of Windows shell - when a link points to a non-existent file and you use it, it tries to find the âclosestâ match and update the link
it was really shortlived, I got three calls soon after I had seen avast do the update (one in my main, and one in a virtual machine on a testrig).
I told these people to not delete.
they did get another false when they booted, then apparently avast updated, and when rebooted (I had advised F8, no reboot when critical error happens) that was a thing of the past.