Virtual Machine - Trojan or False Positive?

Hi,

I have a few virtual machines on my computer, and avast (home edition) seems to think several of them are infected with trojans. In the past, it detected a trojan in the .vmdk file for two of my three Windows XP virtual machines, and it just detected one in my new Windows 7 Beta virtual machine. However, none of my Linux VMs cause any problems.

  • The two “infected” XP VMs have their own antivirus programs (AVG), which say they are clean. They are also up to date with Windows Update.
  • The “uninfected” XP VM is also running AVG but is not up to date with Windows Update… which leads me to think avast is not conflicting with AVG, but rather with something from Windows Update.
  • The Win7 VM is running avast, which also reports the VM as being clean.

I feel pretty confident that these are false positives, but I can’t upload these huge files to an online file checker to get a second opinion. My anti-spyware programs haven’t complained about these files either.

It claims the trojan in WinXP is “Win32:Small-HUF [trj]” and the one in Win7 is “Win32:Adloader-AC [trj]”.
My VPS version is 090126-0, 01/26/2009.

Any thoughts? Is there any other information I need to post?
Thanks.

I’d say that they are perfectly fine, and avast is just incorrectly reporting them.

However, if they are cracked versions of operating systems (you said the Win 7 was beta, so that shouldn’t be an issue).

I’d just make sure that an antivirus is installed on the VMs and go with that.

The OSes are completely legal (via the university download site), so that shouldn’t be an issue.

Should I just ignore the individual warnings as they come up, or should I add an exception for all .vmdk files (assuming there’s a way to do this)?

Off topic: I completely agree with your signature: “Linux is free, if your time isn’t worth anything…”
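On the question of excluding all .vmdk files from scanning: an exclusion keyed on the file extension alone also exempts any file that merely carries that name, so a content check is the safer basis for a decision, and a hash of the file gives a second opinion without uploading gigabytes. The following is an added example, not code from this thread or from avast. It identifies VMDK files by their leading bytes (the `KDMV` magic of a hosted sparse extent, or the `# Disk DescriptorFile` header of a descriptor), flags extension-only impostors, and records a SHA-256 for each file. The directory layout and sample files are constructed for the example.

```python
import hashlib
import os
import tempfile

# Hosted sparse extent header starts with magic 0x564d444b, stored little-endian as "KDMV".
VMDK_SPARSE_MAGIC = b"KDMV"
# Text descriptor files begin with this comment line.
VMDK_DESCRIPTOR_PREFIX = b"# Disk DescriptorFile"


def classify_vmdk(path):
    """Classify a file by its leading bytes rather than its name.

    Returns 'sparse', 'descriptor', or None when the content is not a VMDK structure.
    """
    with open(path, "rb") as f:
        head = f.read(32)
    if head.startswith(VMDK_SPARSE_MAGIC):
        return "sparse"
    if head.lstrip().startswith(VMDK_DESCRIPTOR_PREFIX):
        return "descriptor"
    return None


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so multi-gigabyte images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_directory(directory):
    """Report every *.vmdk in a directory: detected kind, size and hash.

    A file that has the extension but not the VMDK structure is marked suspicious,
    so it would not be silently covered by an extension-based exclusion.
    """
    results = []
    for name in sorted(os.listdir(directory)):
        if not name.lower().endswith(".vmdk"):
            continue
        path = os.path.join(directory, name)
        kind = classify_vmdk(path)
        results.append({
            "name": name,
            "kind": kind,
            "size": os.path.getsize(path),
            "sha256": sha256_of_file(path),
            "suspicious": kind is None,
        })
    return results


def make_sample_directory():
    """Constructed sample data: a minimal sparse-extent header, a descriptor, and an impostor."""
    d = tempfile.mkdtemp()
    # Sparse extent: magic plus zero padding stands in for the remaining header fields.
    with open(os.path.join(d, "xp-s001.vmdk"), "wb") as f:
        f.write(VMDK_SPARSE_MAGIC + b"\x01\x00\x00\x00" + b"\x00" * 500)
    # Descriptor: the plain-text file that names the extents.
    with open(os.path.join(d, "xp.vmdk"), "wb") as f:
        f.write(b"# Disk DescriptorFile\nversion=1\n")
    # Impostor (constructed): an executable-looking header under a .vmdk name.
    with open(os.path.join(d, "notes.vmdk"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 60)
    return d


if __name__ == "__main__":
    for entry in audit_directory(make_sample_directory()):
        flag = "SUSPICIOUS" if entry["suspicious"] else "ok"
        print(f"{entry['name']:14} {entry['kind']!s:10} {entry['size']:6} {entry['sha256'][:16]}... {flag}")
```

Run it against the directory that holds the VM images instead of the constructed sample; the hashes can be looked up on a hash-lookup service without transferring the file, and any entry marked suspicious is one an extension-only exclusion would have hidden.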

Hi,

The VM issues can be quite tricky, especially when you have some other antivirus installed inside a VM. I don’t say it can’t be a FP, but let’s try some steps before we finally blame avast.

I’d advise trying to uninstall the inner antivirus, or better, to revert to some snapshot prior to its installation. Do you have some snapshots of the VM from the time the antivirus was already installed? The frozen state of a machine with an antivirus installed can be a good source of FPs.