Concerned about a suspicious-looking pop-up, I did a complete scan of my system yesterday and Avast! claimed to find the above virus. I moved the infected file to the chest as prompted, but when I opened the chest after the end of the scan, the file was nowhere to be found!
I did a search for the virus on the web and found that Davinia is normally received as an email message containing either no subject/body or, in other versions, a body stating “Onel 2 virus programmer / Melilla, Espana / 25 Diciembre 2000”. However, I have not received (or opened) any email of that type.
Could this be a false positive, and if so, how do I ascertain this? Also, why didn’t Avast! move the infected file to the chest as instructed?
I am currently running WinXP SP1 and have Avast! 4.7 Home edition updated to the latest definitions.
Sometimes the ‘infection’ is not a ‘saved’ file in your computer, so… it could not be ‘moved to Chest’.
But, indeed, is it that often? Maybe some virus analyst could say something here…
Is there any Heuristic setting that avoids the mail delivery? I mean, in the Internet Mail provider Heuristic tab of settings.
It will be very difficult to say, without the mail, without the file in Chest.
Is there anything related to this in the avast logs?
Why don’t you get SP2?
I can’t understand why people with XP do not get SP2…
What was the infected file name, and where was it found, for example (C:\windows\system32\infected-file-name.xxx)?
Check the avast Log Viewer, Warning section, that should contain information about the avast alert.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and scan it periodically using the ashQuick scan (right click scan); when it is no longer detected, remove it from the exclusions.
I checked the avast Log Viewer and the infected file was in My Documents. The name of the file is: “ubcd34-basic\ubcd34-basic.iso\IMAGES\SGD.ISO\boot\sdg\S10en\S30_specialboot\S30hide_and_seek\cd\hd0\part2\menu.lst”
This is a file within the iso image used to create an “ultimate boot cd” bootable disc. I searched the ubcd forums and found that this user had a similar avast alert about the same file, so this must be a false positive.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)
I tried virustotal but the file was too big to be uploaded.
I have a copy of the “ultimate boot cd” .iso and avast also picked up one of the tools that could be used for good or evil, unfortunately an AV can’t determine which.
From your link and that it is a text file it does seem that it is an FP. If you create a bootable CD from the iso file it will extract the suspect file (you may need to pause the Standard Shield to get this done), then scan the file on its own or upload it to VirusTotal, etc.