system
December 30, 2011, 10:46am
1
Hi !
I’ve just scanned a hard drive with ClamWin and I’m very surprised to get the following message:
… \Downloads\setup_ais.exe: Trojan.Generic.Bredolab-2 FOUND ???
“setup_ais.exe” is known as the setup program for Avast Internet Security.
The MD5 of the “setup_ais.exe” found in this hard drive is 490b9cf8c517674f8cb30f1e0b20d67f.
Is it a legit “setup_ais.exe” ?
Thx for your answers
Milos
December 30, 2011, 10:47am
2
> Hi !
> I’ve just scanned a hard drive with ClamWin and I’m very surprised to get the following message:
> … \Downloads\setup_ais.exe: Trojan.Generic.Bredolab-2 FOUND ???
> “setup_ais.exe” is known as the setup program for Avast Internet Security.
> The MD5 of the “setup_ais.exe” found in this hard drive is 490b9cf8c517674f8cb30f1e0b20d67f.
> Is it a legit “setup_ais.exe” ?
> Thx for your answers
Hello,
there should be digital signature – check if it is valid.
Milos
system
December 30, 2011, 10:52am
3
> Hello,
> there should be digital signature -- check if it is valid.
> Milos
Hi Milos,
Do you know where I could find such a digital signature ?
Thx
system
December 30, 2011, 10:54am
4
On the setup.exe file, right click → properties → digital signature.
system
December 30, 2011, 11:07am
6
So? Does it contain such a certificate / signature? Which date is there in the certificate?
Have you downloaded the setup.exe for AIS from the official website?
system
December 30, 2011, 11:15am
7
> So? Does it contain such a certificate / signature? Which date is there in the certificate?
Yes, there is a certificate and it is stated as "valid". The date is: July, 18th 2011 23:04:43
> Have you downloaded the setup.exe for AIS from the official website?
I'm not the owner of the hard drive. I don't know if it has been downloaded from the official website.
system
December 30, 2011, 11:29am
8
If the setup.exe is just sitting there with no goal, then delete it.
If in fact it is supposed to be used to install AIS, then download again (from the official website) its latest version, officially released 2011NOV28, v6.0.1367.
Be aware that if you already use another resident antivirus, it is recommended to uninstall the other one and run the respective removal utility before installing any new resident antivirus.
If the new download is also reported, please review the certificate and report back.
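
The signature check suggested in this thread (right click → properties → digital signature) can also be scripted in PowerShell. This is an added example, not part of any post above; the function name `Test-InstallerSignature` and both parameters are hypothetical, and the publisher string must be supplied by the person running it.

```powershell
# Added example: check an installer's Authenticode signature AND who signed it.
# $Path and $ExpectedPublisher are caller-supplied assumptions, not values from the thread.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Text expected inside the signer certificate subject (the vendor's company name).
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # A "Valid" status means the file is unmodified since signing and the
    # certificate chains to a trusted root. It does not say who the signer is,
    # so the subject is compared against the expected publisher separately.
    $publisherOk = $false
    if ($cert) {
        $idx = $cert.Subject.IndexOf($ExpectedPublisher,
                                     [StringComparison]::OrdinalIgnoreCase)
        $publisherOk = $idx -ge 0
    }

    [pscustomobject]@{
        File          = (Resolve-Path -LiteralPath $Path).Path
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        StatusMessage = $sig.StatusMessage
        Subject       = if ($cert) { $cert.Subject }    else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotBefore = if ($cert) { $cert.NotBefore }  else { $null }
        CertNotAfter  = if ($cert) { $cert.NotAfter }   else { $null }
        Timestamped   = [bool]$sig.TimeStamperCertificate
        # Hashes for comparison with a value reported elsewhere (e.g. the MD5 in post 1).
        MD5           = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
        # Trust only when the signature verifies and the signer matches.
        Trusted       = ($sig.Status -eq 'Valid') -and $publisherOk
    }
}

# Usage (placeholder publisher string, replace with the name the vendor publishes):
# Test-InstallerSignature -Path .\setup_ais.exe -ExpectedPublisher '<publisher name>'
```

A substring match on the subject is a convenience check; comparing the certificate thumbprint against one taken from a freshly downloaded official installer is stricter.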