Avast 5.0.594. Virus Definitions Version 100718-0 detected C:\i386\rvsezm.exe and C:\i386\RVSEZM.EX_ as a Win32: Spyware-gen with a quick scan and with File System Shield today. These files are shown to belong to Microsoft and they have not been modified since August 20, 2004. I have scanned my system with MBAM, SAS, and Spy Sweeper, and all of them came out clean. Win Patrol and Comodo (Firewall and D+) have not shown any new alerts for executable, processes or services. BTW I have not installed or download any new files since MS Tuesday updates. I also sent the file to Virus Total where only Avast and G-Data detected it as above:
That’s the sort of checking and investigation that, in an ideal virtual world, all users would do. 8)
It very much looks like a FP.
It can be submitted (1) to virus@avast.com . Zip and password protect it.
Include the password in the body of the message text, and that you believe it to be a FP.
(2) Add it to the virus chest, (quarantine) and right click it to submit it from the chest to Avast as a FP. This way is pretty easy; it will be submitted when the next defs check occurs.
Avast are usually pretty fast at correcting these when submitted.
Periodically re-scan the copy of the file in the chest, or the original, it should re-scan clean fairly soon.
I already submitted the files. Crossing my fingers. Avast updated to 100718-1 and still alerted me about rvsezm. Ky331, a much respected DeLL Virus and Malware Discussions Forum member, scanned his files without any alert. I am very concerned.
Don’t be too concerned. It might take a day, maybe two, for it to be not detected.
It is almost certainly a false positive.
You also have the reliable second opinion of MBAM and SAS.
Don’t worry, be patient.
PS, your friend who scanned it; what AV was he using?
That 100718-1 version was actually released before you posted in the forums. Avast are generally very fast to correct an FP once analysed, but they haven’t got a time machine ;D
Those files in those locations I don’t believe are actually in use or the on-access scanner, the file system shield would have alerted, so aren’t critical.
What is Rvsezm.exe?
Rvsezm.exe (Zone Datafile) is an executable from the software Zone.com version 1.2.1 by Microsoft Corporation. Rvsezm.exe version 1.2.1 is most commonly found under the directory "Windows" with a creation date of September 17, 2005. This is not a known spyware, adware, or trojan executable.
The strange thing is that the i386 folder is normally located under the windows folder, so I don’t know what it is doing hanging off the C:\ root location ?
Though my copy is in the C:\Program Files\MSN Gaming Zone\Windows folder and isn’t detected, see MD5 hash in image to compare with yours.
Files in C:\ i386 folder are a back up for the OS, and yes I was worried because my rvsezm.exe in the MSN Gaming Zone\Windows folder was not detected as was in your case.
I can say now that with Virus Definition 100719-0 the alerts are gone ;D
I have been using Avast for at least 9 years. From Version 3.x in Windows 95 to upgrades in Windows 98, 2000, and Vista and almost never I have had problems with it, and only on one other occasion I have had a F/P and that is the reason of my little participation on this forum. However I have been around the block with a few PCs and AVs and I would not change Avast for any of them.