microsoft knowledgebase.url trojan reported (false positive?)

I just ran a scan of my complete system (Windows XP) and it reported I had one infection: microsoft knowledgebase.url. It said I should move it to the chest which I did.

Was this really a trojan or is it a false positive?

Thanks,
Jim

Upload the file to virustotal.com and report here the link to the report.

BTW, it “seems” the file is a simple link, so are you sure this is the detection avast showed you? You can attach in your next post either a screenshot or a log of the detection.

I uploaded a jpg of my virus chest with the following message:
"I was told to upload the trojan file to this website. I am a bit confused as to what to upload so I am sending a picture of my virus chest. What I don’t understand is there are no recent dates on the list. This happened yesterday which would be Jan. 3, 2012.

All the warning said was I had one infection: microsoft knowledgebase.url. It also said I should put it in my virus chest which I did.

I find it rather difficult to find responses to my messages on the Avast forum site. I finally searched for the word “knowledgebase” and found my messages.

Thank you for your time.
Jim"

Did I do this correctly?

Thanks,
Jim

Sorry, I can’t understand your post. Maybe someone else can;

or

you could post here a link to the specific report in virustotal.com;

or

you could attach a screenshot of your chest in your next post;

or

you could attach a screenshot of the detection (probably this one would be more difficult for you).

http://www.virustotal.com/file-scan/report.html?id=b011661d936a70d2436d11c89d2fca28aa7d205d3229785363994b82ae2fa97b-1325701976

Maybe I am not explaining myself clearly enough?

You uploaded the screenshot to virustotal. Please attach the screenshot to the next post here.

To attach, on the left side of the “post + preview + spell check” buttons, open the “additional options” link and attach your screenshot.

I have tried, but the total allowed for attachments is 200 Kb. I can’t get it under 201 Kb… I tried five different formats but can’t reduce it… ???

I just tried a .png format and got it down to 197 Kb but I still got ‘file too large’ message. I didn’t put any words in the body of the letter at all! :frowning:

You need to crop the screenshot, so as to show only the relevant message of avast. It should be small enough.

If it is still bigger than what is allowed, then reduce the number of colors of the jpg, or the resolution of the jpg.

The whole point is for us to be able to read the report / message (as your previous text descriptions were not enough).

Alternatively, you would need to confirm exactly what file is being detected, since it is very unusual for a normal, common, simple link to be identified as malware.
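Added example, not part of the original thread: one way to confirm what a flagged `.url` file actually is, as requested in the post above. It computes the file's SHA-256 (the hash VirusTotal identifies files by) and reads the `[InternetShortcut]` fields; the sample file contents and the function names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample: the plain-text layout of an ordinary Internet Shortcut.
SAMPLE_URL_FILE = (
    b"[InternetShortcut]\r\n"
    b"URL=http://support.microsoft.com/\r\n"
    b"IconIndex=0\r\n"
)

def parse_internet_shortcut(data: bytes) -> dict:
    """Return the key/value pairs of the [InternetShortcut] section."""
    fields, section = {}, None
    for raw in data.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def describe_shortcut(data: bytes) -> dict:
    """Summarise a .url file so it can be compared with the scanner's report."""
    fields = parse_internet_shortcut(data)
    target = fields.get("url", "")
    scheme = urlsplit(target).scheme.lower()
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        # False means the file is not really a text shortcut at all.
        "is_internet_shortcut": bool(fields),
        "target": target,
        "scheme": scheme,
        # A simple link points at a web address and nothing else.
        "plain_web_link": scheme in ("http", "https"),
        "icon_file": fields.get("iconfile"),
    }

if __name__ == "__main__":
    for key, value in describe_shortcut(SAMPLE_URL_FILE).items():
        print(f"{key}: {value}")
```

On a real file, pass the bytes read with `open(path, "rb").read()`; a result with `is_internet_shortcut` false or a non-web scheme means the file is not the simple link its name suggests.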

Hi,
Here is the cropped version of the log.
Thanks,
Jim

Don’t take shortcuts
http://countermeasures.trendmicro.eu/shortcut-to-infection/

Microsoft Security Advisory (2286198)
http://technet.microsoft.com/en-us/security/advisory/2286198

The Windows Shortcut Exploit
http://www.sophos.com/en-us/security-news-trends/security-trends/shortcut.aspx

If your OS was/is fully updated then the security hole was closed in 2010…the fix was released Monday, August 02, 2010
http://technet.microsoft.com/en-us/security/bulletin/MS10-046

The Windows Shortcut Exploit affects all versions of Windows; however, the official patch only works on Microsoft-supported systems: Windows XP SP3 or later. If you are using Windows XP SP1 or SP2, we encourage you to download our free tool to stop the Windows Shortcut Exploit.

So another good reason to update to XP SP3.

Thank you. If I am correct you are telling me to install something here:
"If your OS was/is fully updated then the security hole was closed in 2010…the fix was released Monday, August 02, 2010
http://technet.microsoft.com/en-us/security/bulletin/MS10-046"

I found this statement on the above link: “Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically”

My system is fully updated as far as I know. I go to the MS update site and they say I have no updates to install.

Now…if I understand it correctly, the link Avast reported was supposedly corrected by the above. Why then, did it find the link?

Thanks for your continued patience!

jim ???

"Thank you. If I am correct you are telling me to install something here: If your OS was/is fully updated then the security hole was closed in 2010....the fix was released Monday, August 02, 2010 http://technet.microsoft.com/en-us/security/bulletin/MS10-046"

If you read the quote above....the orange part....if you have XP SP3, not necessarily all fixes are downloaded auto...if you have Windows Update turned on....and I always change the install time to a time when the computer is on. Default is 3 at night.

"Now...if I understand it correctly, the link Avast reported was supposedly corrected by the above. Why then, did it find the link?"

What do you mean?

Even if the OS is patched so the exploit does not work…you can still receive the malicious file.

I did a boot-time scan and came up with this report…

Do I need to download something to replace the files that were put into the virus chest?

Thanks,
Jim

"Do I need to download something to replace the files that were put into the virus chest?"

Nope.

And the file detected as PUP…PUP is not a virus, just a warning.

PUP (potentially unwanted program)
http://searchsecurity.techtarget.com/definition/PUP

Just a little comment: If the program detected as PUP is not supposed to be there (the user has no idea that he installed such a program), then it is indeed a problem.

It sure would help us helpers if you updated your signature in your PROFILE.

Please go to PROFILE then Modify Profile then Forum Profile Information then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

In Account Related Settings select Hide email address from public? to prevent scammers and spammers harvesting your email address.

Do you have XP SP3 installed?

In this case, they are programs that belong to HP…and there have been issues posted on these before

http://forum.avast.com/index.php?topic=77326.0
http://forum.avast.com/index.php?topic=61928.0

http://forum.avast.com/index.php?topic=85044.0
http://forum.avast.com/index.php?topic=91367.0

these are just some of the search results…

Thanks for your help. I appreciate it!
Aloha,
Jim