False Positive With PowerPoint?

Hello All,

I think my problem is this: I’m a victim of false positives with PowerPoint from Microsoft.
I use Windows XP Home Edition with SP 3.0 on a laptop with Windows Firewall activated as the only firewall. I have installed Avast! v 4.8 Personal Edition and Lavasoft Ad-Aware v 7.1.0.12. No other security programs.

When I try to open a PowerPoint presentation, my Avast! says my system has traces of a malware named ‘Win32:Trojan-gen {Other}’ in C:\Archivos de programa\Microsoft Office\Office\POWERPNT.EXE and doesn’t open it.
I scanned the presentation separately and no viruses were found in it, and when I disable the antivirus I am able to open the presentation easily. It happens with all of my PowerPoint files.

My PowerPoint version is from Microsoft Office 2000 Premium.

Has anybody had the same problem? And how could I fix it?

Thanks in advance.

kudo

Try updating your version of PowerPoint.

First, I’m going to say that unfortunately Ad-Aware isn’t exactly the best program out there (anymore) for malware detection / removal. I’d uninstall that.

Replace it with Malwarebytes from http://www.malwarebytes.org and / or Super Anti-spyware http://www.superantispyware.com

Now, as for the detected file, is it really powerpnt.exe that’s being detected? Has Avast put that file in the quarantine?

If not, please upload that particular file to http://www.virustotal.com and paste the log here.

I can’t remember what the filenames for office 2000 programs are, but I thought office 2k’s version of power point’s exe file was powerpoint.exe. I could be wrong.

Anyway, let us know what virustotal.com says about that file.

We may have a rootkit here, and you’ll have to download hijackthis so we can get a better idea of what’s infected.

Hi again,

Avast! didn’t put the file in quarantine, so I sent my POWERPNT.EXE to Virustotal and this is the result:

http://www.virustotal.com/es/analisis/d4fcad1c61602e75a19693b761971704

I can’t paste the full log because it exceeds the maximum allowed length for the posts.

It seems that it has been reported before and only 13 of the 40 antivirus programs detected it as a virus.

I also noticed that the POWERPNT.EXE icon disappears in the Office folder and is replaced by a windows generic icon when Avast! is activated and remains ok when Avast! is deactivated.

And surprise! On my desktop computer running the same Windows XP Home Edition SP 3.0 with the same Avast! version nothing happens. The same POWERPNT.EXE from the same installation disk is running happily without any problem. How can you explain that?

kudo

Seems an infected file. The correct file could be in a subfolder of that particular one, at least it seems for Office 2003 and Office 2007.

Yes, it is in a subfolder named ‘Office’ of a folder named ‘Microsoft Office’.

And here is my HijackThis log. Again, sorry for not pasting the entire document. It exceeds the allowed length.

Thanks so much for your help.

kudo

kudo, I’m not an expert on HijackThis. Hope someone else could help.


Welcome to the forums, kudo. :slight_smile:

An analysis of your HJT log shows the following :

We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.

These 2 entries should be fixed with HJT :

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Belongs to Windows Live Messenger add-on but has been deactivated.
http://www.systemlookup.com/CLSID/54865-wlchtc_dll.html

O20 - AppInit_DLLs:
http://blogs.msdn.com/oldnewthing/archive/2007/12/13/6648400.aspx


CharleyO, yes, I’m using windows firewall AND my router’s firewall.

But what about my problem with PowerPoint? Should fixing these two lines resolve it? I have no idea of dealing with HijackThis or programming at all, I’m only a basic user of Windows and cannot understand the meaning of the links you posted. Sorry for my ignorance, but I need much more basic instructions… :-\

Anyway, thanks for your try!


I can not say that fixing the 2 entries will help your powerpoint problem but fixing those 2 entries will not hurt.

The first entry, O2, has nothing to do with it for sure, but fixing this entry will clean out a registry entry that is no longer in use. At some time, you probably used Live Messenger but since this entry no longer has a file associated with it, it is of little use. So, fixing it with HJT removes an invalid registry entry.

The second entry, O20, is an “open door” for malware to do whatever it wants to. It is possible that if you do have an infection on your computer that has infected your PowerPoint files, then this may be a way for it to happen.
An example of this can be found in the link below. Scroll down to the box labeled Registry.
http://www.avira.com/en/threats/section/fulldetails/id_vir/3265/tr_drop.stration.677.html
This entry really does need to be fixed with HJT.


Hi CharleyO,

I’ve just deleted the two entries and I hope my computer will be safer now. I was really afraid of doing something wrong with HijackThis, but it has been easier than I expected. I’m very clumsy with computers… :-[

Sadly, my problem persists. I hope someone somewhere will be able to explain what is happening to my PowerPoint… I really cannot understand why it works well on my desktop but not on my laptop.

Again, thank you so much

kudo

Finally, I’ve desisted. After deeply cleaning my laptop I scanned with Avast and Kaspersky. All was ok. No virus found. But reinstalling Office the problem returned. Again the same supposed ‘virus’. Again a new cleaning.

At last, I replaced the POWERPNT.EXE file in the Office subfolder from the desktop to the laptop, and all worked well…!!! Avast remained quiet…!!! :o :o :o

Might it be a matter of ‘environment’? Why does the same installation disk give me a ‘virus’ on one computer but not on the other?
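Added example, not part of the original thread: one way to check the question raised above is to compare the copy of POWERPNT.EXE that scans clean with the copy that is flagged. The sketch below reports hashes, the size difference, and the entry point and section names read from the PE headers; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

def pe_summary(data):
    """Entry point RVA and section names read from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    (entry,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table = pe_off + 24 + opt_size                          # section headers, 40 bytes each
    names = [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(n_sections)]
    return {"entry_point": entry, "sections": names}

def compare_copies(reference, suspect):
    """Compare the copy that scans clean with the copy that is flagged."""
    ref, sus = pe_summary(reference), pe_summary(suspect)
    return {
        "sha256_reference": hashlib.sha256(reference).hexdigest(),
        "sha256_suspect": hashlib.sha256(suspect).hexdigest(),
        "identical": reference == suspect,
        "size_delta": len(suspect) - len(reference),
        "entry_point_changed": ref["entry_point"] != sus["entry_point"],
        "added_sections": [s for s in sus["sections"] if s not in ref["sections"]],
    }

def toy_pe(entry, sections, body):
    """Constructed minimal PE32 headers for the demo; not a real executable."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(name.encode().ljust(8, b"\0") + bytes(32) for name in sections)
    return dos + b"PE\0\0" + coff + opt + table + body

if __name__ == "__main__":
    # Constructed sample data standing in for the two POWERPNT.EXE copies.
    desktop = toy_pe(0x1000, [".text", ".rdata", ".data", ".rsrc"], bytes(512))
    laptop = toy_pe(0x9000, [".text", ".rdata", ".data", ".rsrc", ".xyz"], bytes(512 + 4096))
    for key, value in compare_copies(desktop, laptop).items():
        print(f"{key}: {value}")
```

For real files, pass `open(path, "rb").read()` for each copy. Matching hashes mean the two files are the same on disk, while a size change, a moved entry point or an extra section means the flagged copy differs from the reference and should be treated as modified.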

Is avast updated in both computers?

Yes, they both have the same latest version.

kudo

So, it remains a mystery for me… :slight_smile:

Microsoft Security Advisory (969136)

http://www.microsoft.com/technet/security/advisory/969136.mspx