i have potentially found a virus but I’m unsure if it is a false positive because of the virus’ characteristics (can modify files and hide)
today i let avast fully scan my ssd and exactly and only this file is supposed to be infected:
Windows 7 x64-f005.vmdk
with
Win32-Bolzano-T
the vmdk is part of vmware 10 and a container image file for the emulator (not compressed afair).
it looks a bit suspicious compared to other false positives.
i never had this kind of issue with vmware and avast before, I’m using vmware a lot for debugging and stuff.
the installed windows is more or less a fresh install from a few months ago and i was, if at all, like 5min on the internet with it, and it is not directly connected to the host.
i found very few similar issues on the search engine where other scanners even deleted the vmdk file, but nothing that was exactly like this.
it’s difficult to upload the file to test it further because of its size of 2gb.
29.08.2014 19:52 2.147.221.504 Windows 7 x64-f002.vmdk
29.08.2014 19:52 2.147.221.504 Windows 7 x64-f003.vmdk
29.08.2014 19:52 2.147.221.504 Windows 7 x64-f004.vmdk
29.08.2014 19:52 2.147.221.504 Windows 7 x64-f005.vmdk
29.08.2014 19:52 2.147.221.504 Windows 7 x64-f006.vmdk
29.08.2014 17:46 2.147.221.504 Windows 7 x64-f007.vmdk
29.08.2014 17:46 2.147.221.504 Windows 7 x64-f008.vmdk
nothing about the file itself looks unusual, the modified dates etc. everything seems okay.
i guess this is a false positive, but since i don’t know how avast came to its conclusion i would be happy if someone could provide me with more info about the likelihood of a false positive.