Hi: This may have been asked before, but I have no idea how to do the search.
I have a program I installed back in 2005, avast scanned everything & everything was good.
Today I went to reinstall that same program & got the following message:
Sign of win32:trojan-gen {other} has been found!.
Is this generally a false positive? Or are the new avast detections finding stuff
that has been around undetected for years?
In 2005 Avast had no problem with this program, now same program, same disk, avast blocks the install.
Another thought, when the warning says "traces of (trojan or virus) were found",
what exactly is that, one line of code, or something much more sinister?
No it isn’t generally a false positive, but it uses a generic signature. The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
As far as I know, the signature did not match perfectly with the virus database, so, it’s not a 100% detection, but a possibility. Maybe it was detected by algorithmics or generic signatures also.
It is also very possible that what was not detected back in 2005 will be detected now because detections have been improved greatly. I have a good example of this in my own cd games collection. In my case, I know it is a good detection. You should follow David’s advice and check the file through VirusTotal.
Wow! It was a keygen for a downloaded program, came up with over 20 confirmations.
That is impressive and a lesson for me. Something 3-4 years old may still have undetected malware.
For many it is a reclassification of what it does and this could just be gathering data for marketing or ad delivery purposes, which are too malicious, but undesired in any case. Some free programs or trialware came with this ad supported function which can be considered adware.
In 2005, avast wasn’t as good on adware/spyware detections being more a specialist anti-virus program, that however has changed and will continue to change.
However, since you didn’t give us the URL to the VT results page that has to remain speculation on my part.
Whilst a large number of the detections are Generic/Heuristic/Non-Specific signature, etc. I still think it is a legit detection. This is mainly based on the fact key generators/hacks apart from any moral/legal issues are high risk as they are likely to come with unwelcome gifts, e.g. trojans, etc.
Now if this is a legit copy it may be just because of the key generation function that triggers this in heuristic/generic signatures. Interestingly a google search for this file name returns zero hits, which is also suspicious.
The other point is the date of this particular scan Dec 12 2008 “Finale_2005_r2_Keygen.exe received on 12.10.2008 20:55:33 (CET)”
So when you submitted it, VT said this has been scanned before, you should always elect to have it scanned again as a week is a long time in virus terms and in this case 3 weeks is too long. It might mean that more scanners detect this or conversely less detect it.
Hi again - I rescanned it - here’s the results.
I guess it is past time for a thorough housecleaning on my harddrives.
Should I scan with multiple products or is there one recommended heavy duty scanner?
For starters I downloaded the Microsoft Anti-Malware & am doing the in depth scan.
Funny enough, no sooner did I scan that “keygen” than that computer will no longer
log on to Avast.com, either with IExplorer or Firefox. I guess that in itself tells the story.
Yes it looks like it maintained its suspect status over a long period of time, so less chance of it being a bad detection (false positive).
Just look at my signature at the bottom of my posts.
What happens when you try to connect to www.avast.com then (click the link and nothing, etc. what) ?
If so try this http://74.86.245.119/ that is the IP address for avast.com if that works it might be a problem with the hosts file redirect (a malware tactic). Or it may just be a hiccup.
Ok - Things are looking up here.
I did a complete scan, found lots of trojans in the windows restore.
I deleted windows restore, deleted the contents of the prefetch buffer.
Cleared out all cookies, the temp folders, & the Explorer cache.
The second Avast scan took far less time, & my boot time has sped up considerably.
Now on to some other malware scanners as suggested by some responders.
Two you should have as anti-spyware/malware scanners to back-up avast:
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.
Cookies really aren’t anything to worry about, I have that part of the SAS scan disabled. I don’t accept third party cookies in my browser and I periodically clear out my cookies.