Hi,
avast! today claimed to have detected Win32:Trojan-gen {other} in one of the files on my notebook. The strange thing about it is that this is a file that came with the original XP-driver-CD of my ASUS-X-51RL-Notebook (the file was not downloaded or changed, I just copied it from the original Asus-CD to my hard disk). The suspicious file was detected in the folder \SSaver, filename is setup.exe.
avast!'s message looks like this:
http://rapidshare.com/files/127104015/virus.gif.html
I think it must be a false positive, but I would be very grateful if someone could approve this.
(Sorry for the poor English, I’m not a native speaker.)
CAUTION, Suspicious file inside:
hxxp://rapidshare.com/files/127107293/SETUP.zip
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently over 30 different scanners.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Don’t post direct active links to suspect files; modify your post, e.g.
hXXp://rapidshare.com/files/127107293/SETUP.zip
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: ef36d43efc7dd318ae509e9d59c851d8
SHA1: abcbe49133bb4ac914d19774efa4b1002b1c572b
SHA256: 4c2deef099135340125a79db648a4fb6a3ebbad4afa99f487601e4f426002ec4
SHA512: bb5ed6fc629d7a23bb1d1eca77f5fc0b50d2135c031e447fd9efa8c3cd02c1259eeaa4d5f3eb01654bf2f036101e15e4c6bb049605ddd371b8ba66aceea035c2
What should I do now?
P.S. Sorry for the direct link, I thought zipping it was alright.
Hi:
Based on the VirusTotal Report you posted, it appears you should follow the “False-Positive” paragraph in DavidR’s Post.
By the way, does the “OneTrueGod” have a SPECIFIC Name?
O.k., I will try to report it.
But I think, if the link on the right hand side (please…fill in the virus report) worked, this would be much easier than posting a message in a forum…
Btw: The real name of TOTG is “Karl Marx” (1818-83). Religion is opiate for the people.
Happy Independence Day, although!