I am using Fix-it Utilities 6 made by Vcom and when I tried to update the virus pattern, it said that VSAPIMale.exe contained Win32:Agent-CAV [Trj] . I am surprised that a company with a pretty high reputation would add a trojan in their virus updates. Is this a false alarm, or has the company really gone into the danger zone?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
Philly, are you using the last VPS (virus database) version)? 0643-6 : ???
Yes, I am using the newest update. I also tested the file on the sites that the first admin said for me to look up and the files tested clean. However, when I scan them, it still says that they have Win32:Agent-CAV [Trj] in them. The file name is a9jvgqbx.exe . I find it strange that the internet test sites say its clean when one of the many sources for both of those sites is Avast!, but yet Avast! is coming up with a virus warning everytime I scan the file. (and yes, I did take it out of the chest when I uploaded it to the sites) I also find it weird that this problem came from a download update from Vcom. I hope that company isnt becoming corrupt or something.
My upstairs computer has the same trojan, but the file that i transfered to the chest is named VSAPIMale.exe (as mentioned earlier). I got an alert when I opened the folder that contains all the programs I download, which is strange, because I only download safe programs to this file (I always research them on the net before I download them, and they are mostly trusted free security programs like Adaware or Avast! and I think a program for fit-it utilities was in there). I am not trying to bother anyone, I am just really confused that all of a sudden I am getting trojan warnings. If you go to Vcom’s site at http://www.v-com.com/virusinfo/index.php3 , you can see the option to download VSAPIMale.exe right on that page. So do you think VSAPIMALE.exe and Vcom are really the problem, or is this a false alarm?
If they tested clean on Virus Total and Jotti, then they probably are a false positive. Re-read DavidR’s post and submit the file(s) to avast.
If you have the same vps on both computors and scan the same file, it should give you the same result. As for the avast scan at the online scan sites, that scanner may not have been updated when you tested the files.
This is their response, and could u tell me where/how to submit the files to the correct person/place?
Response (VCOM Support) 10/27/2006 09:02 AM
Hello,
I can assure you that our updates are virus free, I am sure it is a false positive.
Customer (Phil Alt) 10/26/2006 08:33 PM
I am using Avast! antivirus, and when I go to your download page at http://www.v-com.com/virusinfo/index.php3 and try to download the virus update (aka VSAPIMale.exe), I recieve an instant message from Avast! 's scanner saying that VSAPIMale.exe contains the trojan Win32:Agent-CAV [Trj] . I have been trying to work with Avast! to find out if this is a false positive, but I would also like to know if your company has indeed put a trojan into the update (infact the update is bigger than usual). I like your product but would be dissapointed if this is true.
Oh, I just downloaded the Avast! update to 0643-8 , and now I am not recieving warnings from scanning the files I listed above, nor the file from Vcom’s site. It seems as though Avast! has fixed this false positive and I am happy. Thank you guys for your help and support. I am glad that this has been resolved and will not scare other people that use Fix-it utilities. Again, thank you very much, and I am sorry if I was being too much of a burden.
Because it is a virus pattern file, this could be the cause. If the virus pattern file isn’t encrypted then avast could be detecting the signatures and not a true virus infection. After all this is what an anti-virus is looking for signatures indicating virus infection. But, as you mention it isn’t detected with the new VPS, it may have been down to confusion with signatures in the file.
You could check with VCOM Support if the actual signatures are encrypted inside the exe file. If they aren’t you would need to pause Web Shield to complete the download and Standard Shield may detect it once the download is complete, but you would at least be able to ignore it.