Virus threat Small-HUF / Patched-HO

Every time I quit Parallels Desktop on my Mac Avast detects a threat: Win32:Small-HUF of Win32:Pacthed-HO. The file mentioned is - as far as I know - the memory image Parallels creates when shutting down: /Users/Shared/Parallels/Windows 7.pvm/{674872a7-b6c9-4ce4-b474-bc8737c19d99}.mem. I can’t decide if this contains a virus or is a false positive caused in the process. Who can help? Thanks in advance.

Me too. Got a shock the first time but since it happens every time I guess I’m safe :wink:
Any timeframe for a fix on this?

You’re right. In the meantime I put through a support request and got the following answer:

You have to add this folder to the exclusion list:
System Preferences - Avast - Shields - Filesystem Shield - Advanced…
There you can specify exclusion list of files and/or directories which are not scanned by the filesystem shield.

I had a similar problem.

It seems that every time an avast update is downloaded the virtual HD image of the suspended parallels desktop VM is detected by avast to contain “Dead-B”, “Win32:Small-HUF[Trj]”, and a couple other things that I don’t remember and has not taken note of.

Having not found a way to contact support, and since my disk image are just apps and has no sensitive data in them, I opted to send the file to the “avast Lab” to report a “false positive” detection by avast.

Not getting any feedback from avast, I played around the UI and found the I can exempt the virtual PC folder from the full system scan.

Having read in Bas’ post that it is the same solution that the avast support suggests, I feel more than a little bit secure that what I did – exempting the Parallels Desktop folder from the scan – was the right thing to do.

Thanks!

WISHLIST: for avast team to fix this problem.

Are any of you, by any chance, actually running an Anti-Virus inside the Windows virtual machines? It can be a false positive or it can actually be a real virus, either way it should be dealt with from inside Windows.