W97M_ETHAN.C

Hi,

We have found that some of our Word docs are infected with the W97M_ETHAN.C virus but Avast does not find it. Any idea as to how I can change this?

Phill

Hi Phil. Welcome to the forum.

Is that a Trend Micro detection? I assume you’ve run Housecall and hopefully haven’t deleted all the infected files yet. If you still have them you could upload samples to Jotti to confirm the infection and, if confirmed, send a password-protected, compressed sample to virus@avast.com. Make sure to include the password in the email - something simple like “virus” is fine.

http://virusscan.jotti.org/

You could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner. This, I feel, is a better scanning option as it uses the Windows version of avast (more packers) and has more scanning engines, 29 at the last count.

avast should see this as MW97:Ethan family.

Hi philbex,

Also consider these removal instructions for this macro-virus:
http://service1.symantec.com/sarc/sarc.nsf/html/W97M.Ethan.A.html

polonus

If it’s worth anything, our corp avast setup refuses to detect this at all points (email, server, desktop). I did email about it many months ago without response.

If you want another sample, I can forward to an appropriate contact.

I assume you sent it to virus @ avast.com without the spaces. It can get very crowded in there as 4000+ emails per day are received. If you have a sample in the avast chest (you can add it to the User Files section of the chest) and send it from there, that gets filtered on receipt, so I feel that is a better way.

Or you can use the FTP server to upload the files. Upload them to ftp://ftp.avast.com/incoming - connect to the link and drag the file into the right pane and drop it; that starts the upload. You don’t have read access to this folder.

Where is the better and faster detection method that you’re always promising to us?