This trojan was identified by on-access scan a few minutes ago. The question is- both copies was found in installed software by cosmi which have had installed for 5 yrs. Is it false positive or real? Why today after 0624-2 6/15/06 definition update. I reported it but does anyone have info on if cosmi shipped infected cd? What steps can I do to verify. I’m really concerned since a month ago again after an update win32:small-XC was detected when the infected zip file had been on the computer for months without detection?
Anyway, to know if a file is a false positive, please submit it to JOTTI and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.
Ok interesting – I could not upload to JOTTI said either firewall or malware stopped it. I now took this serious.
Firewall didn’t say it blocked anything so I tried to run the application - just fine - The shortcut to the app did not use this folder - looking closer all that was in the folder was the manual and this launchaveo file. I scanned again and placed it back in the virus chest and deleted the folders. App runs find. I still don’t understand why the flag went up yesterday vs months ago? I will send it to you as requested.
Maybe the signature for this infection was added recently, maybe you were using less protection (Normal) and not High at that time, maybe the file was packed…
Maybe it’s still a false positive… we need to dig more to find the truth 8)
I restored the file so I could zip it and was denied access. Tried couple of times and ways without success. I sent to virus addr message I was emailing the file from my virus chest which says it went ok.
Did I miss something inorder to allow me to zip it? Can the two messages be matched up or shall I try again?
Steve
I’m not sure that I’ve understood you… the access to that file was denied? Which application did it?
If it was avast, well, to manage a file detected as infected, you’ll need to turn of the antivirus protection… be sure to not execute the file, just pack it into a zip file.
Thank you-
I forgot to turn the antivirus off. I’ve zipped it and emailed with password.
Thanks again for your time. wWill wait for a response.
tripod2go
Service load:
0% 100%
File: LaunchAveo.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 2c2bdc2cccd78f2ba1eb8c5947628174
Packers detected:
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:Banload-MF
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
If you need to use this software then you will need to restore it from the chest, pause standard shield first.
Then if it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
