Uruguay 6/7/8

Hi (sorry for my english i’m not an expert !),

Have you any information about Uruguay 6/7/8 ? Avast detect it in this path : C:\hp\tmp\src\pspt.\rus\Readme.txt

I know someone else that have the same problem but i think it’s a false positive because he’s got the same computer than me, a HP Pavilion zv.

Oop’s ! I see i’m not the first ! Sorry… ;D

In this post (http://forum.avast.com/index.php?topic=11082.0), it’s said that it is not a false positive but i’m not really sure…

Hi Noss,

Now that you have learned to search this here forum, we welcome you to join us here.
Read what we have spelled out about finding viruses and what you should do if you think you are infected (yours probably being a false positive). Else upload the suspected files to jotti and see what the results are.

One of your best friends besides the people in the forum trying to help you is learning to use a good search engine and get to the information of people that have searched these particular subjects before you. We call this combing. All information you need you will find there ;D. Then you need us only for a second opinion to find what is good information or misinformation. Welcome to the forum, Noss,

greetings,

polonus

One of the best ways to check if it is a false positive is to check the suspect file against a multi-engine on-line scanner.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.

Hi Polonus & DavidR,

Big thanks for your welcome !

I had this detect a long time ago now and I deleted it at this moment. I find it again a few days ago helping a guy on a forum who has this detect also. But he deleted it and i didn’t have the time to scan it with VirusScan. And i didn’t find intersting things in google. That was the reason i decided to ask about it to you.

Thank you very much for your advices.

I would say that from the path you gave, it may have been related to a Hewlett Packard (HP) item and the /tmp/ is probably a temporary location or something trying to make you think is is something related to HP. In either case I doubt that deleting it will have done any harm.

However, as a first option I suggest you use move to the chest, that way you have a fall back position if the detection is incorrect and it will give time to investigate.