Multiple virus warnings all over the company - False positives ??

Hello,

Our weekly scan is causing a lot of virus reporting at the moment in ADNM: looking at the files, I would almost thing these are false positives. Is something up with the last virus updates ??

There are multiple detections on a Adobe Acrobat update file, multiple detection in our ClearContext software,… etc.

avast! [LPT00032]: File “C:\Documents and Settings\hageudens\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00015]: File “C:\Documents and Settings\jausma\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00035]: File “C:\Documents and Settings\dvbroekhoven\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00036]: File “C:\Documents and Settings\jmertens2\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00002]: File “C:\Documents and Settings\cvandenbroeck\Desktop\ClearContext\ccims.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00009]: File “C:\Documents and Settings\lvandeplassche\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00017]: File “C:\Documents and Settings\rkerstens\Desktop\GPower31Windows\GPower\vcredist_x86\vcredist_x86.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19-11-2009

avast! [LPT00043]: File “C:\Documents and Settings\mbraeken\Desktop\Oude Desktop\Old Desktop\ccims.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 11/19/2009

avast! [LPT00027]: File “C:\Documents and Settings\jverreze\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00037]: File “C:\i386\wextract.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 11/19/2009

avast! [LPT00041]: File “C:\i386\wextract.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 11/19/2009

avast! [LPT00032]: File “C:\SWSetup\SP36651\NET32\dotnetfx.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00018]: File “C:\Documents and Settings\jbeckx\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00001]: File “C:\Documents and Settings\gvanhoudt\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [DTP00009]: File “C:\System Volume Information_restore{158755BF-045B-4D68-8032-97EDAE89679E}\RP22\A0003261.dll” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00027]: File “C:\Documents and Settings\kvermeire\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-en_US\KB404307.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [DTP00009]: File “C:\System Volume Information_restore{158755BF-045B-4D68-8032-97EDAE89679E}\RP22\A0004866.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00032]: File “C:\System Volume Information_restore{B7D8BF70-689F-4E06-A3E4-2E8D2A007DFD}\RP72\A0017158.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00029]: File “C:\SWSetup\SP36651\NET32\dotnetfx.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00032]: File “C:\System Volume Information_restore{B7D8BF70-689F-4E06-A3E4-2E8D2A007DFD}\RP72\A0017159.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [DTP00012]: File “C:\i386\wextract.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00029]: File “C:\System Volume Information_restore{B7D8BF70-689F-4E06-A3E4-2E8D2A007DFD}\RP98\A0022191.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [LPT00037]: File “C:\System Volume Information_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP22\A0004505.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 11/19/2009

avast! [DTP00006]: File “C:\System Volume Information_restore{68094801-EFB7-4415-A7EB-D6BEB677ECA6}\RP209\A0024819.dll” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

avast! [DTP00006]: File “C:\System Volume Information_restore{68094801-EFB7-4415-A7EB-D6BEB677ECA6}\RP209\A0026371.exe” is infected by “Win32:Trojan-gen” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 091119-0, 19/11/2009

P.S. How do I turn on email notification from the Avast Forum ?

Keep me posted,

Cheers,
Mario

Hello mbraeke1,

you can check whether the detected files are indeed infected or are fps. upload files one at time to virustotal.com and check what antivirus scanners are detecting it as. gdata may have the same detection as avast! since it uses avast scan engine as one of its two scanners. if you see anything like gen, heur like nomenclature then it should be a fp. check it your self. you can send all the files zipped, password protected to virus@avast.com with the subject fp and in the body, put the password and the link to this topic.

to access files from system volume information, see this : http://support.microsoft.com/kb/309531

you can turn on the notification emails while posting. just click the additional options, while posting, and check notify me of replies.

this is what I generally do if a gen detection occurs, hope it helps.

nmb

Hi,
thanks for notice, FPs will be fixed in next VPS update.

Milos

@ nmb

Thanks ! This is really helpfull feedback - indeed Avast and GData are the only ones detecting these files. So FP’s !
I’m going to incorporate your advise in our instructions…

@ Milos
Thanks for taking care of this !

Hello mbraeke1,

great that it helped you.

you are welcome.

nmb

The updated VPS is released now.

there you go… vps is released. guys at avast! are fast.

nmb

Great !!

Thanks a lot guys - This is what good service looks like !

Cheers,
Mario