Uruguay 6/7/8

I need a help to remove the Uruguay 6/7/8 virus from my computer.Urgent

Urgent:
Please Help us to Help you In order to help fully we need more information…

  • What OS are you using? is it up to date?
  • What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
  • What was the filename/s, where was it found
    example (C:\windows\system32\infected-filename.xxx)?
  • What actions have you taken to try and resolve the problem?

Hi DavidR,

Didn’t you search history first? Llook ye here: http://forum.avast.com/index.php?topic=15227.0, and there it wa. This could be considered a false positive.
I told kilimanjaro this. Wonder why in the meantime this was not fixed? It is a pity that Tech is working on his new project, as I knew him he would not be amused, as indeed this still was a false positive in Avast? Well advised to upload it to jotti to see what alarms on it or not.

polonus

No I didn’t, with a total lack of information on the virus location, etc. I felt it would be a wasted effort without the information.

Yes DavidR,

In that respect you are of course totally right. When the new visitors read the sticky “what to do when a file is infected”, we could help them much better. The best friends for a anti-malware fighter are notepad, a good search engine and a working brain,

your anti-malware friend,

polonus

When the new visitors read the sticky "what to do when a file is infected"
There is a sticky which has the basic information to help us, [url=http://forum.avast.com/index.php?topic=4818.msg34749#msg34749][b]User's FAQ[/b][/url] thread, it will give you a lot of useful advice, help us to help you.

It has however, always been an uphill struggle to get people to read, help files and FAQs ;D

Got a customer who is using the up to date version of Avast and it is set-up to automatically download the VPS dbase. They keep getting Uruguay 6/7/8 false positives on a Paradox database file. I’ve added the file and the directory to both exclusion lists but the resident Standard shield is still detecting and reacting to this false positive. Any ideas on what is going on?

A quick search through the forums reveals that this is an existing problem, which only seems to affect Avast. Are the development team working on a permanent fix?

What exactly did you put into the list of exclusions?

I tried putting the exact path and filename and also tried excluding the whole directory where the affected file lives.

e.g. Affect file causing false positives: C:\Documents and Settings\All Users\Application Data\audatex\AudaEnterprise\DB\EECUSTOMER\JOB_CALC.DB

Put C:\Documents and Settings\All Users\Application Data\audatex\AudaEnterprise\DB\EECUSTOMER\JOB_CALC.DB into exclusion list.

Also tried C:\Documents and Settings\All Users\Application Data\audatex\AudaEnterprise\DB\EECUSTOMER*.*

Added to both exclusion lists.

Seemed to work for a few weeks but today saw the problem returning.

I’ve just been searching through the help file and found this:

Adds an empty item to the list where you can write the folder or file to be excluded. If you want to select a folder including all its subfolders, it is necessary to append "\*", e.g. "C:\Windows\*".

I believe I put a . to exclude everything in a folder instead of just *. Could this be causing a problem?

I can’t test this until tomorrow when the end customer goes back to work!

Seems ridiculous asking for urgency and never come back :stuck_out_tongue:

Roundtrip, maybe you can try the short path for it, something like:
C:\Docume~1\All~1\Applic~1\audatex\AudaEn~1\DB\EECUST~1\JOB_CALC.DB

Did you boot after inserting into the exclusion lists?

Yes, the workstations have been rebooted many times since the exclusions were set-up a few weeks ago.

I even remember testing that the directories were being excluded by running an interactive scan and it all seemed to work.

If you check into the providers informations, which one is detecting the false positive?

avast! [WORKSTATION-1]: File "C:\Documents and Settings\All Users\Application Data\audatex\AudaEnterprise\DB\EECUSTOMER\JOB_CALC.DB" is infected by "Uruguay 6/7/8" virus. "Resident protection (Standard Shield)" task used Version of current VPS file is 0543-1, 25/10/2005

So it is standard shield. The exclusion has been set-up previously for the resident protection exclusion.