I (my notebook) am infected by win32:Agent-JNH[Expl], why avast not block it?

How possibly it can infect my computer?
Moreover, avast said the file (infected) cannot be repaired.
How to disinfected the files?

here are the filed infected
IBMTOOL\APPS\updater\ibmupdate connector.msi
IBMTOOL\APPS\updater\ibmupdate connector.msi\Binary.newBinary3
windows\installer\22252.msi
windows\installer\22252.msi\Binary.newBinary3

It said "error42060 the file could not be repaired

Thank you

Ronachai :cry:

Info About the Avast Detection:

According to Avast’s VPS History, this exploit was added to the virus database on July 22, 2007. This means it is fairly new to the database which is a reason for the current discovery/previous miss.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive:

  1. add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

  2. Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also send it from the avast chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Thanks
It is actually false positive as I checked the file with virustotal.com and none report positive except avast.
Ronachai ;D

Submit the sample to avast as outlined in my earlier post.

I already submit to avast though I didn’t set password (I don’t know how to set password with zip file) :stuck_out_tongue:
Thanks
Ronachai

The chances are it could be intercepted by an email server’s scanner on route so it may not get there, so you should submit it again. I would check out your zip programs help file about password protecting a zip file.

However, as I said in the original post there is an other way.

Or you can also send it from the avast chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

This way the avast program takes care of the sample protection.