Avast Home Edition Quickscan is reporting Win32-BredoLab-K in a .zip file that was generated by a web hosting service backup on a *nix server and downloaded to my Windows system for safekeeping. Most of the backed up files would be PHP or config files. Surely there cannot be a Windows trojan amongst them…?
In any case there is no way that I would execute anything from that .zip file on my Windows computer - although I might unzip and read the data for reference. I don’t see why I should be concerned - or should I? Anyone know?
Yes, you should always be concerned about any detection.
Yes, it is possible to get a virus inserted from almost anywhere, and considering Windows is a major target, as it has about 90% of the market, that is who they would be targeting.
You didn’t mention the file within the .zip that avast is alerting on, but you could upload the zip to be scanned.
You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here: the URL in the address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Inside that folder you could reasonably unpack the zip so you only upload the suspect file, just don’t try to execute the file.
Thanks David, for prompting me to look further into this. On investigating I found that the virus was in an executable attached to a mail file on the *nix system. When discovered by Avast it was in fact deep within a .tar.gz archive of the site backup (not .zip, my bad) that I had downloaded to my Windows client.
So it was not an immediate risk to me here but definitely needed attention. Kudos to Avast for rooting it out from deep within that archive.
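
The case this thread ended on, a Windows executable attached to a mail file inside a .tar.gz site backup, can be located without unpacking anything to disk. The following is an added example, not part of the original thread: the function names and the sample archive are constructed for illustration, and the SHA-256 it reports can be searched on VirusTotal instead of uploading the file.

```python
import email
import hashlib
import io
import re
import tarfile
from email.message import EmailMessage

MBOX_SEP = re.compile(rb"^From .*\r?\n", re.MULTILINE)  # mbox message separator


def find_pe_attachments(archive_bytes):
    """Return (member, attachment name, sha256) for every mail part starting with 'MZ'."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in (m for m in tar if m.isfile()):
            data = tar.extractfile(member).read()  # read in memory, nothing touches disk
            for raw in MBOX_SEP.split(data):  # one chunk for a single mail, many for mbox
                msg = email.message_from_bytes(raw)
                if not msg.is_multipart():
                    continue  # skip anything that does not parse as a multipart mail
                for part in msg.walk():
                    body = part.get_payload(decode=True)  # None for container parts
                    if body and body[:2] == b"MZ":  # DOS/PE executable magic bytes
                        digest = hashlib.sha256(body).hexdigest()
                        hits.append((member.name, part.get_filename(), digest))
    return hits


def build_sample_archive():
    """Constructed sample: a backup with one PHP file and one mbox holding a fake .exe."""
    mail = EmailMessage()
    mail["From"], mail["To"], mail["Subject"] = "a@example.com", "b@example.com", "invoice"
    mail.set_content("see attachment")
    mail.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                        subtype="octet-stream", filename="invoice.exe")
    mbox = b"From a@example.com Thu Jan  1 00:00:00 2009\n" + mail.as_bytes()
    files = {"site/index.php": b"<?php echo 'hi'; ?>\n", "site/mail/inbox": mbox}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    print(find_pe_attachments(build_sample_archive()))
```

Single-part mails and executables stored directly in the archive are outside what this sketch checks; it covers only attachments of multipart messages.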