Likely false positive: uninstall program?

Hi, I get a notification on a file called remove.exe when I scan the HDD.
It’s in a sound card driver package, apparently the uninstall program.

Here’s the virustotal link:
http://www.virustotal.com/file-scan/report.html?id=d0304a38b75810789bbb6d847c8c99bc26b2d29bb6eac7902e4b4fbc7173e2f1-1291402476

Thanks for any info.

ThreatExpert’s awareness of the file “remove.exe”:
http://www.threatexpert.com/files/remove.exe.html

Malwarebytes did not add detection for the file

Norman analysis: File is not malicious - REMOVE.EXE : Clean!

Sample sent to avast! … :wink:

Some uninstall functions will get pinged, simply because of what they do and this remove.exe. The win32:CIH actions filled the first 1024 KB of the host’s boot drive with zeros and then attacked certain types of BIOS.

So I don’t know exactly what remove.exe does, as some removal tools may overwrite what was removed, but I rather doubt that it is a good detection, given the low number of hits on the VT Results and Prevx calling it a ‘Medium Risk Malware’ which is at odds with the severity of win32:CIH. Other than prevx only avast and gdata detect anything (counts as one), see below.

http://en.wikipedia.org/wiki/CIH_(computer_virus)

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Even though Pondus has sent a sample, I would say you should also - Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
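The reasoning in this thread (a vendor that licenses another vendor’s engine should not be counted as an independent detection, and a low unique-engine count points towards a false positive) can be written down as a small triage helper. The script below is an added example, not code from this forum or from avast; the vendor-to-engine map and the scan results are constructed for illustration (the thread only establishes that GData bundles the avast engine; the name of GData’s second engine is a placeholder), and the thresholds used to label a result are assumptions.

```python
"""Multi-engine verdict triage: collapse resold engines before counting detections.

Added example, not from the forum thread. All vendor/engine data below is
constructed for illustration; only the avast/GData relationship comes from the thread.
"""
import hashlib
from collections import Counter

# Constructed map: scanner vendor -> set of engines that can produce its verdict.
# GData is known (per the thread) to license avast as one of its two engines;
# the second engine name is a placeholder, not a real product name.
ENGINE_BACKENDS = {
    "avast": {"avast"},
    "GData": {"avast", "gdata-second-engine (placeholder)"},
    "Prevx": {"prevx"},
    "Norman": {"norman"},
    "Avira": {"avira"},
    "Malwarebytes": {"malwarebytes"},
}

# Verdict strings that state a risk level rather than a malware family
# (constructed list). They carry less weight when judging family consensus.
GENERIC_LABELS = {"Medium Risk Malware", "Suspicious", "Heuristic"}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the sample bytes, the identifier used when looking up or submitting a file."""
    return hashlib.sha256(data).hexdigest()


def attribute_engine(vendor, verdict, results, backends=ENGINE_BACKENDS):
    """Decide which engine produced `vendor`'s verdict.

    If another vendor returned the identical verdict string and the two share a
    licensed engine, attribute the hit to that shared engine; otherwise treat the
    vendor as its own engine.
    """
    candidates = backends.get(vendor, {vendor.lower()})
    for other_vendor, other_verdict in results.items():
        if other_vendor == vendor or other_verdict != verdict:
            continue
        common = candidates & backends.get(other_vendor, {other_vendor.lower()})
        if common:
            return sorted(common)[0]
    return sorted(candidates)[0]


def unique_detecting_engines(results, backends=ENGINE_BACKENDS):
    """Set of distinct engines behind the positive verdicts (resold engines counted once)."""
    return {attribute_engine(v, verdict, results, backends)
            for v, verdict in results.items() if verdict}


def triage(results, backends=ENGINE_BACKENDS):
    """Summarise a scan result table.

    Assumed thresholds: one unique engine -> likely false positive;
    two -> low-confidence detection; more -> consistent detection.
    """
    engines = unique_detecting_engines(results, backends)
    families = Counter(v for v in results.values() if v and v not in GENERIC_LABELS)
    if len(engines) <= 1:
        verdict = "likely false positive"
    elif len(engines) == 2:
        verdict = "low-confidence detection"
    else:
        verdict = "consistent detection"
    return {
        "vendors_flagging": sum(1 for v in results.values() if v),
        "unique_engines": len(engines),
        "family_consensus": families.most_common(1)[0][0] if families else None,
        "verdict": verdict,
    }


# Constructed sample mirroring the thread: avast and GData name the same family,
# Prevx gives a generic risk label, the other vendors are clean. A real VirusTotal
# report lists far more vendors; they are omitted here.
SAMPLE_RESULTS = {
    "avast": "Win32:CIH",
    "GData": "Win32:CIH",
    "Prevx": "Medium Risk Malware",
    "Norman": None,
    "Avira": None,
    "Malwarebytes": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE_RESULTS))
    # After Prevx drops its detection, only the avast engine remains.
    print(triage(dict(SAMPLE_RESULTS, Prevx=None)))
```

Run stand-alone it prints the two triage summaries: with Prevx flagging, three vendors but only two unique engines; with Prevx’s detection removed, one unique engine and the “likely false positive” label. The engine attribution is deliberately conservative: it only merges a vendor into another engine when the verdict strings match exactly, so a vendor that fires on its own signature is still counted separately.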

Other than prevx only avast and gdata detect anything (counts as one), see below
Prevx have removed detection ....

Definitely now only counts as one and highly likely an FP.

File is detected correctly. File REMOVE.exe is a Wise (un)installer and one of the included files contains part of the old virus CIH v1.2 TTIT. The virus couldn’t be active, but is still there. So better detect than sorry :slight_smile:

Thanks for the input misak.

Thanks for the good explanation of why some AVs chose to detect and some don't.

And Norman confirms that:

Hi, it might contain some part of a CIH infection, it seems to be corrupted. It won't infect other files anymore, it's dead.

Avira lab

Thank you for your email to Avira's virus lab. Tracking number: INC00644556.

A listing of files alongside their results can be found below:

File ID    Filename     Size (Byte)   Result
25970556   REMOVE.EXE   172.63 KB     DAMAGED FILE (UNKNOWN)

Please find a detailed report concerning each individual sample below:

Filename     Result
REMOVE.EXE   DAMAGED FILE (UNKNOWN)

The file ‘REMOVE.EXE’ has been determined to be ‘DAMAGED FILE (UNKNOWN)’. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.