just finished updating Spyware Terminator on my pc and then Avast issued a warning that SpywareTerminatorSetup.exe located at the “update” folder contains a virus Win32:Downloader-BIJ(Trj)…What shall i do?, do i have to delete the file?
Hi
did you DL ST from the ST site or from a link? just a regular detection update or a program update
did you install the add ons such as the toolbar, AV etc
can you go online to Virus Total and upload the detection?
report the results
any ST users out there?
Where did you download the file from, e.g. was it a trusted source ?
When did avast issue a warning, e.g. was it the web shield detecting it (only gives the option to abort connection) or was on an on-demand scan ?
It could be that it is seeing the update element as malware, however, the file name detected doesn’t seem to support that theory as it is detecting on the installation file and not actually updating ST ???
A google search http://www.google.co.uk/search?q=SpywareTerminatorSetup.exe returns many hits some strange. Or they could be detecting the Crawler bits.
http://www.prevx.com/filenames/X3360864763241519448-0/SPYWARETERMINATORSETUP.EXE.html
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
the file was downloaded from ST site and it appears every time ST is updated…the avast on-access scanner detected the file…it has transferred from the “update” folder to the Spyware Terminator folder…i followed your advice, uploaded the file to virustotal…and the results are below:
File SpywareTerminatorSetup.Exe received on 08.19.2008 13:57:38 (CET)
Current status: finished
Result: 5/36 (13.89%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Downloader-BIJ
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/QDown.v!Gemini
Fortinet - - -
GData - - Win32:Downloader-BIJ
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Suspicious
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - suspected of Win32.Trojan-Downloader
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: cb2277679efba537cc98a1138463f6bd
SHA1: 3922931d2633324b6d5102cd1717c27cacc79480
SHA256: 339684ddd7238ce9ebbc938feb75afc4cc953cc49efe2890e52f1ad2d71af2a2
SHA512: 444f15f8294ba1b1c55d30a8795065f554d4828806eff15af83869e954590b29ea96ccff31827fc47c00f197e0e185790ecd6eb1d01e9771d3698ccb774e2e6d
thanks for the advice but still i cant decide what to do
It certainly warrants further investigation by avast, as GData uses two AV scanners, the avast engine being one and the other detections are suspicious, these are heuristic detections, which are more prone to false detection.
If it is indeed a false positive (possible), see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.