Virus Found

Hello,

If this is not a False Positive then I have my first computer virus. Look at the screenshot please.

To my mind it is strange to find a virus in your system volume information folder without first having found one in the systems folders and deleted it.

Viruses that are deleted (or possibly moved) from the system folders are in effect protected by Windows System Restore (in its wisdom); a copy is saved as a _restore point in the system volume information folder, just in case you made a mistake or want to restore the file. So if that didn’t happen then I can’t see how a restore point can become infected.

So I suggest you email it to avast from the chest and say you suspect it to be a False Positive and give some info and possibly a link to this thread.

Hello,

For some reason avast! will not send the file. I get this strange error message that tells me to check my SMTP settings. I will show my SMTP settings in my next post.

~Justin1278

Hello,

Here is the next screenshot showing my SMTP settings.

~Justin1278

Use the Default IMAP to send; it will work with that. I have no idea why it won’t go with SMTP (it didn’t for me either, and I know my SMTP settings are correct).

Justin,

What virus was identified? I can’t see enough on your screen shot to make that out.

Could this be related to that Spywareno problem you had?

Hello,

The virus is detected as Win32.CTX. No, I don’t think it is related to the Spywareno problem I had.


I decided to Google Win32.CTX and this link is to the first page of results.

http://www.google.com/search?q=Win32.CTX&rls=com.microsoft:en-US&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

So, I clicked on Next at the bottom of the page to go to page 2 and as soon as page 2 loads I get this below. I have repeated this 3 times with the same results. As you can see, Avast catches it so no harm done. Is this happening to anyone else?

EDIT:

For some reason, I cannot get that picture to post except as an attachment and as you can see it is … empty! No, I did not preview it. This is the 3rd time I’ve tried to make this same post. I have the jpg on my computer and can view it. The attachment is a screen shot of the Avast! warning for Win32.CTX when I go to the second search page.



Avast calls it Win32:Cholera-B. One more try at posting this screen shot …

EDIT:

Finally! That’s page 2 of the search in the background.

Without heading too far off Justin’s original question I just wanted to point out a virus I ran into that was also related to a Symantec web site. See this thread:

http://forum.avast.com/index.php?topic=19313.0

Probably a strange coincidence but it makes one wonder what’s up over at Symantec.

Hi,

OK, the file was sent. The suspected file is locked in the Virus Chest and will stay that way until I check on it again in about 2 weeks (if I don’t forget ;D). If it is still detected as a virus, I may wait a little longer just to make sure, and if it is still detected the file will then be deleted.

~Justin1278

Hi,

Even today the file is still detected as a virus.

Just a guess, but when seeing a CTX virus detected in system restore, I’d say it’s detected in some other AV or removal tool module that doesn’t properly encrypt the signatures.


I understand that, Igor, but do you have any idea why I got the alarm doing the Google search as I posted above? ???

This is the second time this year I have gotten an alarm of some type while changing pages in a Google search. :o


Hello Igor,

What would you suggest I do then with this file?