Hi, I’ve only had Avast a few weeks. Everything seemed OK, but yesterday I went to open a folder lock program and Avast warned of this virus: Win32 Trojan-gen (Other).
Doing a full computer scan, and scanning the folder lock program only, using several online scanners, only comes up with nothing found. I’ve tried doing these scans with system restore turned off, and after removing folder lock from the computer, always with the same results, nothing found.
After reinstalling folder lock and then trying to open the program, up pops the virus warning again. Everything on my computer works perfectly including folder lock, so I can only presume this has to be a false positive that Avast is coming up with.
Is there anyone on this forum who may know how I can stop this from repeating every time I open the folder lock program? Moving the virus to the chest as recommended makes no difference. Will appreciate any help you can offer.
What was the file name, and where was it found, for example (C:\windows\system32\infected-file-name.xxx)?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!)?
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan); when it is no longer detected, remove it from the exclusions.
Also see (Mini Sticky) False Positives
I cannot say I have confirmed it is a false positive. It’s just that none of the online scanners could detect it, yet even after moving it to the chest, it kept coming back each time I opened my folder lock program. Anyway, I’m not sure what caused the change, but after moving it into the chest for the 13th time, it has suddenly stopped appearing.
File Name: C:\WINDOWS\system32\windvNT.sys
Malware Name: Win32 Trojan. (Other)
Malware Type: Virus/Worm
VPS version: 0630-2.26/07/2006
This changed to Win32 Trojan-gen (Other) at some point.
As I said earlier, I have only been using Avast for a few weeks and I obviously have a lot to learn about it. Still, it’s nice knowing it has a great forum where I can come for advice.
If it continually comes back then I would tend to think it is a good detection and there is something restoring it. Also a Google search for windvNT.sys returns no hits, which in itself is suspicious.
Have you tried the two on-line multi engine scanners in my post (re-read the instruction in the previous post)?
If you haven’t already got this software, download, install, update and run it, preferably in safe mode: Ewido anti-spyware. This should hopefully find whatever is restoring it also.
Do you have a firewall (hopefully not just XP’s firewall)?
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
Also, whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.