False Positive?

A scan using avast! 4.7.844 Home Edition, VPS version: 0627-3, 07/07/2006, produces a warning screen “A Trojan Horse Was Found”, with the following information:

D:\Purrint 23\PurrintInst.exe

Win32:Zapchast-S [Trj]

Trojan Horse

Prior to this scan the last scan was one week ago, Friday 30th June, 2006 and nothing was detected. Scans with ewido anti-malware, Ad-Aware and Spybot do not detect anything.

Purrint is a program to “manage your Print Screen button” and I’ve been using it for about 3 months.

http://www.snapfiles.com/get/Purrint.html

All things considered I think it highly likely this detection is a false positive.

If you are getting a virus warning that you believe is a false positive, then zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan); when it is no longer detected, remove it from the exclusions.
Also see (Mini Sticky) False Positives

Thank you for your reply. I’ll carry out your suggestions and see how things go.

You’re welcome, let us know what you find.

I uploaded the detected file to Jotti’s and to VirusTotal, and D:\Purrint 23\PurrintInst.exe was only detected by avast!

I have also sent the detected file to virus @ avast.com.

You can add the file to the exclusions as I mentioned and restore the file from the chest, this will allow you to continue to use it. Check periodically after VPS updates to see if the FP (if confirmed) has been corrected.

Hello WDGC, welcome to the forums

No security software detects every malware, 100% of today’s malware, as you know.
Your efforts exactly help avast! users.
Thank you very much. :wink:

Alwil team will analyze the file you sent, probably.
I wish to see your footprints on avast! VPS ASAP.
( of course, if it is a malware certainly. )

A scan using VPS version: 0628-0, 10/07/2006 does not detect D:\Purrint 23\PurrintInst.exe.

However it does make the following detection:

File name: C:\Program Files\Mozilla Firefox\updater.exe
Malware name: Win32:Sality-W
Malware type: Virus/Worm
VPS version: 0628-0, 10/07/2006

When uploaded to Jotti’s and VirusTotal, C:\Program Files\Mozilla Firefox\updater.exe is only detected by avast!

I, once again, think it highly unlikely this is a virus or worm and have sent the detected file to virus @ avast.com.

Need, I think, for a very quick fix on this one - otherwise we will see a whole lot of “me too” posts.

Very clearly an issue with the latest VPS update … no problem with the prior VPS release.

The same virus message is produced on scanning the updater.exe for Mozilla Thunderbird too.

I’ve reported the Firefox FP like an hour ago…

Hi. My roommate got the same virus in Firefox and Thunderbird this morning too when he did a scan, and he deleted it this morning and did not move it to the chest. Before he did the update with avast he was surfing and checked his mail, and all his mail came up clean. I hope by deleting this worm win32:sality-w he did not mess up. Maybe I am worrying for nothing. (Just curious: if it is a false one, does that mean I have to reinstall Firefox and Thunderbird? Sorry for asking this question, but we are both older people and still learning things on the computer.) Thanks for the info

The program update.exe in the programs from Mozilla (Thunderbird, Firefox and Sunbird) were all affected at work. Though I doubt they are infected.

The updater.exe program is used to update the programs themselves, and the functionality of the programs is not affected in any other way than that you cannot auto update the program.

If you deleted the update.exe program I think you have to reinstall the program to get back that functionality. Though you don’t have to do that until there is a new version out. If you moved it to the chest instead of deleting it you can always restore the file from the chest and should get back the functionality by it.

Thanks for the info. I looked in program files and it still shows that I still have the update file, so maybe I am still safe. Thanks again! Plus when I pushed to check for updates it shows no updates at this time.

I just got a report from the Alwil virus lab that the Mozilla updater.exe false positive is already fixed in the latest VPS update.

RejZoR, I deleted the worm. Does that mean I have to reinstall Firefox and Thunderbird over again? Sorry to ask this stupid question, and if so, how would I reinstall it?

Just install it over. Settings and user files will remain while it will fix the missing files you’ve deleted. Nothing special or hard to do :wink:

Thank you RejZoR, but I deleted the worm and I was just wondering, do I have to reinstall it, and where do I find it to reinstall it from? When the thing was detected my roommate deleted the worm. So I was wondering, do I need to reinstall the file in both Firefox and Thunderbird, or will the update still update? When I checked both to see if there was an update, it said no updates at this time and that it will check periodically for new updates, so that is why I am wondering what we need to know. Sorry that I don’t understand what you mean. Thanks. I just know what you mean about settings and user files and it will fix the missing file

  • Vps: Updated
    (previous version: 0628-0, updated version: 0628-1)

C:\Program Files\Mozilla Firefox\updater.exe not detected by this latest Vps update.

It wasn’t a worm - the detection was a “false positive”.

As RejZoR said, just reinstall Firefox and Thunderbird - as if starting from scratch - and updater.exe will be back where it should be.

It might pay you to read the avast! Help Files and remember to use the virus chest if you are again confronted with a detection.