Virus found

Ok, I was trying various ad-blockers this morning, and ended up getting the virus shown in my screen shot. No big deal, I handled the situation by restoring from a clean image file from an external drive. My concern is the fact that I use Avast to right click and scan all exe files before running them. I downloaded two different ad-blockers, both with browser helpers (tool bars for control of the ad-blocker). I ok’d these browser helpers through spyware guard. When I went to un-install one of the ad-blockers, my add/remove screen froze, so I started an Ad-Aware scan. Shortly into the Ad-Aware scan, Avast alerted me of the virus…I assume because the on access scanner was scanning the files Ad-Aware was scanning. I had also downloaded a few firewall exe’s from web-attack. I also scanned these files as well before running them. Nothing showed up as infected. Could I have possibly received this virus from the actual web page that I visited, to download one of the ad-blockers? And not from the actual exe file for the ad blocker? Or is maybe Avast seeing the browser helper for the ad-blocker as a virus?

Thanks

Tipton

As seen on http://www.avast.com/eng/viruses/vps_history.html, the detection of this particular malware was added very recently (October 27). So it’s possible that at the time of download it was not being detected.

Installers (.exe) are normally packed.
Did you have archive scanning enabled while scanning the installers?
It could also be the installers were packed with an archiver that Avast can’t handle (yet?)

Well, I downloaded the file today, about 45 minutes ago.

Tipton

I have scan within archives set during a manual full system scan. Where is the setting to make sure I am doing the same with a right click and scan on a single file?

Tipton

ArchiveScanning for RightClick-Scan (AshQuick) would be available in the PRO-version or
via a tweak found in the USER’s FAQs:
http://forum.avast.com/index.php?board=9;action=display;threadid=4818;start=15
:wink:

Ok, are you sure this is not a false positive of some sort? I just checked on my wife’s PC, and she has the same virus, in the same folder. I also just checked after restoring from this image file, and the virus is still in there. I have a load of image files that I can keep going backwards through to see exactly when it was installed. It’s in the “Webroot shared” folder. The only webroot software on my system and my wife’s is Window washer 5. I find it odd that my wife would have the same virus on her system. I am willing to bet that the file flagged as a virus is installed with window washer. I can image back to before I installed window washer, and run a virus scan again. Then I can install window washer and see if the virus file returns. I just scanned the window washer exe file that I used to install…it came up clean!

Also I went to the webroot shared folder, and both files in that folder (including the one flagged as a virus) were created exactly the same day and time. The other file is for file shredding within the window washer program.

Tipton

Have you checked it out using Jotti?

Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org. If any other scanners here detect them, it is less likely to be a false positive.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Ok, I ran a full system scan, and Avast flags the virus for me. I then un-installed Window Washer, which removes the webroot shared folder where the so called virus is living. I then run another full system scan, and I come up clean. So, I then go back to my original Webroot Window washer exe (scanned with Avast, and clean) that I received from the official webroot website, and ran the install. Half way through, Avast alerts me that there is a virus on my system. This file is installed with the webroot software. I bet everyone running window washer five, has this file in that same folder.

Tipton

Thanks David, I will scan with another AV! I will report back!

Tipton

Ok, I am willing to bet this is a false positive. I just ran an online scan from Trend Micro house call. Came up clean. I will try another free online scan.

David, your link takes me to their page, but it says the board is closed!

Tipton

Just submit the file to Jotti as has been suggested. That way you will get the result of several scanners in one go. :wink:

Here’s another online scan from Panda.

Tipton

Ok, sorry about that, I got hooked up with jotti. I browsed to the file in question and had it scanned. Came up clean. What’s weird is Avast is in that list of scanners!!

Tipton

Nothing weird as that’s the Linux version which may have some differences. But it would still appear to be a false positive. Take the actions as previously suggested.

Now you have used the on-line panda scan, you may get other false positives due to the fact they don’t encrypt their virus pattern files. If so check the location.

I have had Window Washer for many months, no new downloads, and I got the same mysterious virus warning Friday morning; I just put it in the chest, ran another scan and all has been well!

Yup, looks like a false positive to me.

Just wondering, could this be a part of the Windows Washer that checks for updates?

It’s a false positive, for sure. 8)

Eddy, you can download a free trial of window washer at this link!
http://www.webroot.com/downloads/

Download it from the “try it” section to the right. Then you can play around with the file that Avast flags. I am not sure what its function is as far as how window washer performs.

Tipton

Am I to understand that unless I have the pro version, I can only do a limited right click and scan on files? I am still a bit concerned that I can right click and scan my Window washer 5 exe on my storage drive, and Avast finds it clean. However, it finds a false positive when I run the exe. I would really like to be able to find this stuff before running the file.

Tipton
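
The situation in this thread (a right-click scan of the installer comes up clean, but a file it unpacks is flagged during install) comes down to whether the scanner looks inside the packed payload. The following is an added example, not part of the thread and not how avast is implemented: a toy byte-signature scanner run over a constructed zip standing in for the installer. `SIGNATURE`, `MAX_DEPTH` and the file names are made up for illustration.

```python
import io
import zipfile

# Constructed, harmless marker standing in for one entry in a signature database.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
# Assumed nesting limit so a deeply nested archive cannot make the scan run away.
MAX_DEPTH = 3


def build_installer() -> bytes:
    """Constructed sample: a deflate-compressed zip standing in for a packed installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("shared/shredder.dll", b"benign contents " * 20)
        zf.writestr("shared/flagged.dll",
                    b"header " * 10 + SIGNATURE + b" trailer" * 10)
    return buf.getvalue()


def scan_raw(data: bytes) -> bool:
    """Scan without archive support: match the signature on the bytes as stored."""
    return SIGNATURE in data


def scan_unpacked(data: bytes, name: str = "installer", depth: int = 0) -> list:
    """Scan with archive support: check the bytes, then recurse into zip members."""
    hits = [name] if scan_raw(data) else []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hits += scan_unpacked(zf.read(member),
                                      f"{name}!{member}", depth + 1)
    return hits


if __name__ == "__main__":
    installer = build_installer()
    # Compression rewrites the member bytes, so the raw scan sees nothing.
    print("raw scan of installer flags it:", scan_raw(installer))
    # Unpacking first exposes the member that an on-access scan would later
    # see when the installer writes it to disk.
    print("scan with unpacking flags:", scan_unpacked(installer))
```

The same detection, true or false positive, stays hidden from the raw scan and only surfaces once the member is extracted, which matches the on-access alert appearing halfway through the install.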