Hi!
This is my first post here so be gentle.
This morning i started my computer as usual and avast start updating, after updating is complete i get a virus warning. Ok i press delete warning goes away, 1 second later same virus warning ok lets try renaming warning goes away. Again warning, ok i move the file to chest with no success warning keeps popping out. I search this forum find nothing about the file it seems the file has something to do with my Ashampoo Firewall, ASFWhide. Im wondering whats this is it really a virus, im feeling a little skeptic.
I did a virustotal search on the file this is the result:
Complete scanning result of “ASFWHide”, received in VirusTotal at 05.03.2007, 23:04:21 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.03.2007 no virus found
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 no virus found
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.03.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 RKProc!tr
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.03.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 no virus found
Kaspersky 4.0.2.24 05.03.2007 no virus found
McAfee 5023 05.03.2007 New Malware.z
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.03.2007 no virus found
Prevx1 V2 05.03.2007 no virus found
Sophos 4.17.0 05.03.2007 Ashampoo Firewall Stealthing Component
Sunbelt 2.2.907.0 05.03.2007 no virus found
Symantec 10 05.03.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.03.2007 no virus found
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 no virus found
Aditional Information
File size: 4096 bytes
MD5: f8c718dc4299002d495a9da30a7c6ef1
SHA1: 019a49fad3d36132674fa7ad7ec9f0719c80b217
If anyone have a clue to what to do please let me know im at a loss. Cause i really like my firewall.
Thanks for your time…
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive in the subject. Or you can also send it from the the avast chest if there is a copy there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
Thanks for the fast reply.
I forgot to mention the file is located in my Temp folder i get a new copy of it as soon as i delete it or move or rename it. So i have had to disable live protection in avast or i cant do anything due to warnings popup constantly. I’ll check my chest if theres a copy of it and send it though.
Thanks again.
If a virus is replicant (coming and coming again), better than to disable the antivirus protection, you should:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
Don’t disable the protection, exclude the file. In my post above you will see you can add the file location to the exclusions lists.
What is a surprise to me is that the file is in a Temp location (the same as the other topic) and not the ashampoo program folder. So it must be generated by ashampoo, a crazy situation using the temp folder for something to stealth ashampoo I believe.
You should also send a sample to avast for analysis.
Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
The easiest by far is to exclude the files being detected, far easier than choosing another firewall, downloading it uninstalling ashampoo, reboot and installing the new firewall.
Unless there is something that you are dissatisfied with about ashampoo then excluding the files will take about 1 minute.
Hello, I am also new to this forum and I’ve got to say that it is a very helpful forum, so for that I thank everyone that posts on here. As for avast I also got warnings that my PC had a unknown virus/worm that said ASFWhide. I gathered that it had something to do with my Ashampoo Firewall. I run Ashampoo Firewall on my home PC as well as my Laptop. Yesterday when I turned on my Home PC and avast did it usual update the problem arose. I was scared at first that my PC was infected, I phoned my friend who said that it was likely that Ashampoo had attached a new file that avast scanned as a possible virus/worm. I tried everything to get rid of it like others have but to no avail. I decided that my best option was to uninstall Ashampoo Firewall and install another one. I have now installed PC Tools free Firewall and everything is ok. The samething happened this morning when I booted up my Laptop, so needless to say I have uninstalled it on there as well and install PC Tools one.
Since I have uninstall the firewall I have not had a problem and done full scans on both PC’s and nothing has been detected.
Still, I will be watching to see if the Tech Guys at avast solve the issue as Ashampoo is a very good firewall.
Then reinstall it and simply exclude the file (in my fires reply) that is being detected as it would appear to be a false positive detection and if no one submits a sample for analysis (as I mentioned in an earlier post) then the problem won’t be resolved quickly.
It really is easy to do, Program Settings, Exclusions, Browse, this allows to to navigate to the file to exclude. Once selected you will see the path transferred into the Selected paths: window, copy this path before clicking OK (you can paste this into the Standard Shield, Customize, Advanced, Add window part two).
Please see my first reply, I have sent the file trough the chest, I did that as soon as i got your suggestion that i do so. Just so theres no misunderstanding.
Very good forum, fast reply and understandable. ;D
My reply was directed at Paul Earlyman a new poster in the topic (perhaps not too well worded in my haste), but it never hurts to have others submit a probable false positive detection. It may apply a little more prompting/pressure to correct the problem.
I know that maybe I should have report it to avast for there detection and testing but as I said before, I had already uninstalled it and tried PC Tools free Firewall. I have run various test on PC Tools firewall like the leak test and a couple of others from the same website, and it passed all of them. So I was just happy that the potential virus/worm had gone. Maybe this was not the right choice as others have suggested different solutions to the problem but at the same time I am now happy that my PC’s are protected.
But excluding this file dosen`t help much, because it is excluding "except for the resident protection", so avast still show the message of file ASFWHide. Maybe there is another options in Avast, but i have no seen it.
ASFHide is not a virus, but a part of Ashampoo which looks like virus for some antivirs.
@ Paul Earlyman
No problem, my reasoning in sending the file was that it also helps others who might have avast and ashampoo and not just those posting in the forums.
Personally I think you are probably better off with the PC Tools firewall, I recall some issues with ashampoo firewall in the forums before and the PC Tools firewall has received some praise from those forum members using it.
Welcome to the forums.
@ T34
There are two exceptions lists one for on-access (Standard Shield, Customize,Advanced, Add) the most important one as that is the one which is likely to be triggered by the creation of this file and the On-demand Program Settings, Exclusions.
You need to enter the path in both.
What have you entered in these and we can say if the path and syntax is correct.
I am glad that you say that PC Tools Firewall has had a good review, like I mentioned yesterday, I have ran various tests from the Leak Test Website and it seemed to pass with flying colours.
Thanks for the welcome to this forum, it is a helpful tool for everyone.