Hello,
I’ve set up a virtual environment the other week for testing purposes.
The Virtual PC installation comes directly from the Microsoft website, while the Windows XP installation in the virtual environment comes from an original OEM CD. (I have Avast Pro running in the virtual environment).
Our weekly scan now detects Virtual PC.exe as being infected:
avast! [DTP00010]: File “Process 1208, memory block 0x21F40000, block size 1048576” is infected by “JS:Obfuscated-CL [Trj]” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 090920-0, 20/09/2009
avast! [DTP00010]: File “Process 1208, memory block 0x22140000, block size 1048576” is infected by “JS:ScriptSH-inf [Trj]” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 090920-0, 20/09/2009
avast! [DTP00010]: File “Process 1208, memory block 0x0BFB0000, block size 1048576” is infected by “JS:Obfuscated-CL [Trj]” virus.
“Scan Local Disks (LPT/DTP - Scheduled)” task used Version of current VPS file is 090920-0, 20/09/2009
When I look up the process on DTP00010 with PID 1208, I find Virtual PC.exe
Since I find it highly unlikely that there’s any infection (looking at the source of the programs), I’m wondering whether this is a false positive.
I’ve seen other posts where the image files were detected as being infected (.vmdk, .vmc, .vhd) but in my case, it is the application itself…
Does anyone have any experience with this?
Thanks!
Mario