Malware Found, but Avast says clean

Hi

Was sharing files to the laptop’s shared folder, and MSE, which I’m still running on this PC until Avast 6 is final, detected Adware:Win32/OpenCandy in the frostwire.exe file.

(Actually on this PC later, going back to Avast 5.1.889)

Did a scan with Avast 5.1.889 on the laptop; it came back with NO threats found.

Is it a false positive from MSE, or nothing to worry about?

Or should I take more cleaning steps on the laptop?

Upload the file to www.virustotal.com and test it with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here.

Alternatives:
VirScan http://virscan.org/
Jotti http://virusscan.jotti.org/en

Check your comp for malware with

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
Always update the program so you have latest database before you scan
Click the remove selected button to quarantine any infections found

You may post the scan log here if anything is found

Try a forum search for frostwire.exe, as there has been a topic about it recently, and only MSE and one other consider it an issue out of 43 scanners on virustotal.

However a more recent VT scan doesn’t find anything including Microsoft, http://www.virustotal.com/file-scan/report.html?id=edb5304678788706899597cca672f8021915a4d71bfe4a39a2998aad41e45840-1297865642

Yeah, MSE and McAfee detected it on virustotal; results coming in a moment from the virustotal scan.

Well, if the laptop would let me transfer the file to the desktop to run the Virustotal scan lol, but right now the laptop is frozen lol. Will work on getting the file to this PC for the virustotal scan, and will post the results then.

Think I will scan all the PCs anyway later tonight with Avast 5.1 and Malwarebytes.

Probably am safer with Avast, with my p2p habits and all that, than I am with MSE maybe.

I will still post the results from the virustotal scan as soon as I can.

If the laptop is on the net…is it?..then you can just upload to VT from it…

Virustotal results

McAfee 5.400.0.1158 2011.02.17 ASKToolbar
Microsoft 1.6502 2011.02.16 Adware:Win32/OpenCandy

Those are the 2 that picked it up; the rest were no detections.

2/43

http://www.virustotal.com/file-scan/report.html?id=bd3964ee028104cf61d4ac6e20d6c5ad7eb2fad8cde193a74a5d9543e7969657-1297946983

As you can see from my VT link, the day before this was clear on all scanners, so it was a virus signature update between those two days that triggered this, when previously it wasn’t considered a problem.

When this happens on long-established software (and coming from SourceForge), it is usually an indication that it is a false positive, and the VT results tend to support that view.

Oh OK, thank you everyone.

Been running Avast for 6 years, just decided to try MSE a bit on the desktop, but think I do trust Avast quite a bit, so think I will switch the desktop back early tomorrow. MSE I think, or I hope, uninstalls cleanly lol, and then I can just put Avast 5.1 in, register, update, configure, and set.

Thank you all for the replies, really do appreciate it.

You’re welcome.

Adware:Win32/OpenCandy
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy

Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. User-specific information, including a unique machine code, operating system information, locale (country), and certain other information are sent to a remote server without obtaining adequate user consent.

And the McAfee (ASKToolbar) detection may be a PUP detection; it does not always show on VT.
A PUP (potentially unwanted program): http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html

So does FrostWire come with the Ask toolbar bundled?

These possibly unwanted toolbar issues can be managed easily using toolbarcop, see: http://windowsxp.mvps.org/toolbarcop.htm

OpenCandy and Ask bar installs could be considered such possibly unwanted browser extensions, as they come “on the back” of another software install you chose and you did not agree to installing them additionally, whether they are actually harmful or not.
Examples of such extensions are:

Browser Helper Objects (BHO)

Toolbars

Standard Toolbar buttons

Context menu Extensions

Download managers

Protocol Handlers

Horizontal / Vertical Explorer Bars (side-search bars)

Startup applications originating from RUN registry keys.

polonus
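
Added example, not part of the thread and not toolbarcop's own code: a read-only PowerShell inventory of some of the extension points listed above (BHOs, toolbars, toolbar buttons, context menu extensions, Run keys), so add-ons that arrived bundled with an installer can be spotted and reviewed. The registry paths are the standard Internet Explorer and Windows locations; the function name Resolve-Clsid and the variable names are made up for this example.

```powershell
# Read-only: lists entries, changes nothing. Names below are illustrative.
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software'
$points = @(
    @{ Type = 'BHO';          Kind = 'Subkeys'; Sub = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
    @{ Type = 'Toolbar';      Kind = 'Values';  Sub = 'Microsoft\Internet Explorer\Toolbar' }
    @{ Type = 'Button';       Kind = 'Subkeys'; Sub = 'Microsoft\Internet Explorer\Extensions' }
    @{ Type = 'Context menu'; Kind = 'Subkeys'; Sub = 'Microsoft\Internet Explorer\MenuExt' }
    @{ Type = 'Run';          Kind = 'Values';  Sub = 'Microsoft\Windows\CurrentVersion\Run' }
)

function Resolve-Clsid([string]$Clsid) {
    # Map a CLSID to its friendly name and the DLL it loads, if registered in HKLM.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = Join-Path $root $Clsid
        if (Test-Path -LiteralPath $key) {
            $name = (Get-Item -LiteralPath $key).GetValue('')
            $srv  = Join-Path $key 'InprocServer32'
            $dll  = if (Test-Path -LiteralPath $srv) { (Get-Item -LiteralPath $srv).GetValue('') }
            return "$name -> $dll"
        }
    }
    return '(CLSID not registered in HKLM)'
}

$report = foreach ($hive in $hives) {
    foreach ($p in $points) {
        $key = Join-Path $hive $p.Sub
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        if ($p.Kind -eq 'Values') {
            # Toolbar values are named by CLSID; Run values hold a command line.
            foreach ($n in $item.GetValueNames()) {
                $detail = if ($n -like '{*}') { Resolve-Clsid $n } else { $item.GetValue($n) }
                [pscustomobject]@{ Type = $p.Type; Key = $key; Entry = $n; Detail = $detail }
            }
        } else {
            # BHO subkeys are CLSIDs; buttons and menu items carry their own text.
            foreach ($s in Get-ChildItem -LiteralPath $key) {
                $detail = if ($p.Type -eq 'BHO') { Resolve-Clsid $s.PSChildName } else {
                    "$($s.GetValue('ButtonText')) $($s.GetValue(''))".Trim() }
                [pscustomobject]@{ Type = $p.Type; Key = $key; Entry = $s.PSChildName; Detail = $detail }
            }
        }
    }
}
$report | Sort-Object Type, Key | Format-Table -AutoSize -Wrap
```

Running it before and after installing a bundled program and comparing the two outputs shows which entries the installer added.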