Doing a boot time Avast scan, I found the following :
CFD.exe.back C:\Program Files\Broadjump\Client Foundation 16/12/2002 time 21/04/2008 Win32:Cfd[Adw]
I sent this file to the chest.
What is surprising for me is the fact that this file was lying on my PC for months and never been detected
by Avast before. As far as I can remember, I have in the past changed the name of this file, because
I could read somewhere on Internet that Broadjump Fundation was somewhat suspicious and a way
to freeze it was to rename this file.
So I added the .back suffix.
How do you explain that this file was not detected as [Adw] by Avast before ? Was it detected
because the last version of Avast now detects Spyware and Adware infections ???
(I have the Apr2008 Avast version {4.8.1169}
The day after I ran the boot scan, I made a SpywareTerminator run. It produced the following report :
Invalid Startup Items (Invalid)
The ‘Invalid Startup Items’ are items that are linked to non-existing file in your Registry.
(just to tell, as far I can understand, that the linking entry entry was still there, despite linked
object was no more there; should not Windows XP warn me when a program entry is missing at
boot time?)
(I have now deleted the Broadjump Fundation entry from my PC using the “Ajout/Suppression
des programmes” using my configuration Panel).
Shall I post the infected file by E-mail to ALWIL ?
Detection signatures are continually updated so it could catch it at any point in the future of its arrival on your system.
AS suggested it might be an FP.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Why only Avast detects this file? Does it mean this file definitively is a FP ?
I have moved it in a separate folder, shall I delete it ?
Will it mean that all people with this Broadjump Fundation and Avast last version
together might be warned the same way ?
(I have rummaged around the Internet and could read this product is at most consided
as spyware/adware and can be removed without any problem, so one can think Avast
is the only one doing the right way , but perhaps depending the trick it uses to do so ).