Latest update finds trojan

Avast Free Antivirus / Premium Security
1

C:\PROGRAM FILES\ONLINE SERVICES\NETSCAPEONLINE\NSSE

location of trojan according to 4.8.1290 update. Is this a false positive? I sent it to chest, tried copying into
Virus Total but couldn’t. Haven’t had this happen in so long I’ve forgotten how to get the name of the
trojan from the chest without opening a nightmare.
Please advise next steps.
Donna in AR

2

C:\System Volume Information_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1324\A0171333.exe

2nd file found while running an Avast scan so it must not be a false positive. The Trojan is listed as
Win32.Trojan gen. However, some time ago when win32 worms were found they were false positive in several files.
Please advise,
Donna

3

Your first one doesn’t actually give a file name or the malware name.
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

The above should allow you to upload the file to virus total.

Personally I wouldn’t waste to much time and energy on this one, C:\System Volume Information_restore. The reason it is in the C:\System Volume Information folder is because at some point it has been deleted or moved from one of the system folders, etc. and system restore creates the _restore point as a just in case style back up.

I also believe if there is any doubt about a restore point it is better in the chest, where it can do no harm or possibly bite you in the rear if you use system restore in the future and that included the suspect restore point.