I have a program that is a virus, but the program still works. Is it possible I can keep the program and just extract the virus?
I doubt that it is an actual virus; I suspect that it is either malware, reputation or PUP, etc.
Can you post a screenshot of the avast alert or the full file name and location, plus the malware name that avast is giving it?
Actually avast didn’t detect it. Qi-hoo 360 did. Here is the virus total https://www.virustotal.com/en/file/e014e9065dfa5699dfe4efe018cbf41c3bfc1dc03d55f201ea88d2853327d9d3/analysis/1427390236/
The VT link shows it is detected as malware.
It doesn’t say it is a virus (which are nowadays really rare).
Very likely it is detected by an automated process and not (yet) reviewed by people.
Contact Qi-hoo and ask them about the detection.
Don't upload archives, as it skews the additional info given by VT; unzip and upload the file inside the archive.
Contact Qi-hoo and ask them about the detection
2015-03-26 17:17:16 UTC ( 1 year, 5 months ago )
If you click on view latest you get another result / detection from Zillya
2016-08-30 12:04:39 UTC ( 5 days, 8 hours ago )
https://www.virustotal.com/en/file/e014e9065dfa5699dfe4efe018cbf41c3bfc1dc03d55f201ea88d2853327d9d3/analysis/
Most likely a False Positive
When files have been scanned before, always click on rescan for a fresh result, and always upload the file inside archives.
The original flag was 1 1/2 years old. File could well be harmless.
McAfee also flags this game cheat; the program also may be outdated.
This is an untrusted source: https://www.google.pl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=12&cad=rja&uact=8&ved=0ahUKEwjW7qyIyfbOAhUCESwKHbzdC8M4ChAWCCswAQ&url=http%3A%2F%2Frgho.st%2F7b78qzkPY&usg=AFQjCNFz6uCX1eLKsOxzDoD7hzbx_oB1yg&bvm=bv.131783435,d.bGg
see: https://trafficlight.bitdefender.com/info?url=http://rgho.st/7b78qzkPY
The malware scan: https://www.reasoncoresecurity.com/csgo-lobby-finder-joiner-v1.2.net.rar-773e090f1090e03c4f5e2a75ee04ea3f35025e8c.aspx
This download site is given as clean: https://www.virustotal.com/en-gb/url/1c4bc705e81429ae23ae1cca936ed708ebd2c0ac8c191bb04c038040cc99c2b7/analysis/1473021754/
Behavior alert: http://r.virscan.org/report/520cc28bd3c140b9aed5ade483657a44
Follow the eventual FP discussion over at StackOverflow for that malcode flagged: http://stackoverflow.com/questions/33998715/visual-studio-2015-community-trojan-heur-qvm03-0-malware-gen
Quote
At the time of this post, activating Enable ClickOnce security settings and setting the Build Configuration to Release will avoid all false positives. Of course, nothing stops Qihoo or another AV vendor from later naively flagging all .EXE as malware.
polonus
The more recent link https://www.virustotal.com/en/file/e014e9065dfa5699dfe4efe018cbf41c3bfc1dc03d55f201ea88d2853327d9d3/analysis/ mentioned by Pondus still shows only Qi-hoo 360 detecting this.
Only 1 detection out of the 56 different scan engines used by VT is pretty poor and generally would be considered a potential FP.