Win32:Agent-DZT [Trj] false positive?

I scanned today and avast found Win32:Agent-DZT [Trj] in the C:\windows/uneng.exe file. I noticed this file has not been changed since 2000 & that avast added detection for Win32:Agent-DZT [Trj] today, 12/30/2006. Computer runs Windows ME & is running very well. Am I to assume this is a false positive?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, then you can also remove it from the Standard Shield and Program Settings exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

I scanned with both of your recommended online scanners & found the file to be virus free. Thanks for the quick response.

I also got a false positive for the same virus. I got an email message from Avast! saying:

File “C:\Program Files\InstallShield Installation Information{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\Battlefield 1942 Secret Weapons of WWII_uninst.exe” is infected by “Win32:Agent-DZT [Trj]” virus.
“Scan: local disks” task used
Version of current VPS file is 0666-0, 30/12/2006

There was no virus present in the file, according to VirusTotal. Once again the file had not been used for some time. Oddly enough, the file had not been added to the Chest. Equally oddly, one of the checks used by VirusTotal is Avast! - and it did not give a positive result.

I’ll add it to the exclusions list, anyway.

You're welcome. The best bet now is to send the sample to avast so they can analyse it and correct the VPS. Send the sample to virus@avast.com, zipped and password protected, with the password in the email body and "false positive" in the subject.

Same thing: send the sample to avast, so it can be corrected. Strangely, there have been a number of uninstall files detected and found to be false positives. I don’t know if this is down to the fact that it deletes stuff (sorry about the technical term ;D).

I believe that VirusTotal lags behind in the version of the VPS that it is using compared to a user; they can’t just stop everything and install the latest VPS update.

I also received what I believed to be a fp during a scan and like galen it was for an un-installer exe for a game, SimCity in my case. But while I was waiting for VirusTotal to finish scanning the two files I submitted, I saw a pop-up that the Avast database had been updated to 0666-1. A scan of the suspect files now comes up clean. That was pretty quick; many thanks to the Avast team.

And since this is my first post, a “hello” to everyone and Happy New Year.

Welcome to the forums, thanks for the feedback.

Happy New Year to you.