Whale-9216 and .PUB - false alarm?

system · 2007-10-23T11:29:12.000Z

I performed a scan and Avast found (6) files that were flagged with the Whale-9216 virus. The program was not able to move them to the virus chest. I followed instructions to search for the .exe and .com files to remove the virus manually - but no files were found. I ended up deleting the files manually.

I did notice that at the end of the file name in the scan results, Avast showed an additional directory, i.e. ‘xxxx.pub\content’. When I searched for the file, it was there, no directory such as this. I opened the file and no virus warning.

I have had Avast 4.7 running in ‘High’ mode, all databases up to date automatically. I did get a virus warning from a web page last night just prior to the scan (sorry - can’t remember the name), but other than that - no virus problems ever in any email (I’m pretty cautious about downloads of any kind - never any email that appears to be junk - even from trusted sources).

Is it possible that this was just some type of file name issue - i.e. it was too deep in the directory tree? What would cause a ‘\content’ to be added to the end of the file name?

Thanks

Lisandro · 2007-10-23T11:52:55.000Z

TradenCookies post:1:

The program was not able to move them to the virus chest.

Files in use or packed… Or too big… Maybe you can increase the Chest size into the Program settings.

Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can further analysis them.

See also: http://www.digitalred.com/avast-boot-time.php

DavidR · 2007-10-23T13:56:15.000Z

What is the infected file/s name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

system · 2007-10-23T15:30:07.000Z

I did a full boot time scan and it found nothing.

I believe that this was a false positive - not sure why the extra characters on the file name though.

Thanks for your help.

DavidR · 2007-10-23T15:38:29.000Z

A boot time scan may not find anything depending on where the infected file was found, if it is within an archieve, that archive type may not be supported during a btto-time scan.

This was the major reason in asking where the infected file was found and its name ?

Beliefe is a great thing, but confirmation is better, which is why I suggested VT and Jotti.

Announcements