Virus on a Virtual Machine file

I use Avast on my Vista 32-bit PC. I created a Win XP Virtual Machine with VMware 6.0.2 and Avast found the Suela-1042 worm in the file Windows XP Professional-000001-s001.vmdk. I can’t understand if it’s true or false: before I formatted my PC last time I had another XP Virtual Machine (same installation CD but previous build of VMware) and Avast found a worm in that VM too!

Can anybody help me?

Thanks a lot,
P@olo.

Most probably a false positive.
It won’t harm if you set *.vmdk into avast Exclusion lists by the way. You can remove this setting after the false positive is corrected. I suppose the file is too big to be sent by email to virus (at) avast.com or sent by the ftp upload server.

Yes, the file is very big, approximately 913Mb! You write that the false positive will be corrected: do you think the Avast Team will create any patch for this problem?

There is no need for a patch, specifically.
Just the virus database should be corrected. Try to update your avast and see if it is still detecting it as a virus…

I would recommend installing avast! in the virtual machine and setting an exception for vmdk files. As a vmdk is a compressed image of a physical disk with a filesystem, there may be some strings similar to the Suela-1042 worm. I think this cannot be treated as a false positive that can be fixed, as those strings in the vmdk files may come up randomly.

I will also install Avast in the Virtual Machine: can I use the same License Key that I use on the Host machine? Or can I request a new key with the same email address?

Yes.

I installed Avast! in the Virtual Machine and made a complete scan! No viruses were found. I updated the definitions and the program on the Host machine and I checked the vmdk file: it was still recognized as an infected file. I still haven’t set *.vmdk in the avast Exclusion lists: if I do, how can I tell when the false positive has been corrected?

I don’t think that this will be corrected because of what chocholo said in his post, reply #3: given the nature of the VM image file, these strings could come up randomly. So it may be that you have to permanently exclude *.vmdk file types.

In order for what is likely to be a false positive to be corrected, avast would have to get a sample to analyse and, as you say, it is very large at 913MB.

They won’t… the exclusion list is safe for this extension (vmdk). I have done this…