Please advise if the following is a positive:
Sign of "Win32:Dropper-BDV[trJ] has been found in: C/Program files/Uninstall_flash_player.exe" file
Thank you very much
EP
Usual drill: confirm the detection at VirusTotal and report, etc.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Thanks Davidr
You’re welcome, let us know the results.
Thank you for your interest, I did it the other way around:
1. I deleted the infected flash player program.
2. Deleted the infected file from virus chest.
3. Deleted the suspected virus from system restore (it was there too…)
4. Installed new flash player again.
Now, I only hope I'm done with it and not get some resurrection elsewhere…
Consideration for doing that: No problem to get rid of the whole program and reinstall. That way, saving time and efforts.
Thank you again for your assistance.
EP
I saw that on my friend’s system and it was the result of one of the prolific antivirus2008 infections.
You may have to FORMAT the hard drive as those infections have become very nasty with rootkit installations.
I would download MBAM then update it then run a Quick scan and let it remove what it detects and a reboot may be required to remove locked files:
http://www.malwarebytes.org/mbam.php
Crow,
following your way may give you the feeling of greater security, but you really do not know if your system has been exposed or not.
I am scanning one of my PCs and it came up with the same warning. I know that the file was downloaded from the official site, so I am confident that it is a FP but I will check this out once my scan is finished.
Crow
I recommend doing what the little bird told you
by nuking the only evidence you had there is now no way to tell if this was part of a larger infection
do you have a log that shows the malware name and path?
post up that MBAM log
rt click the avast ball and update programs
then rt click again and schedule a boot time scan with archives etc turned on
reboot
I, of course, hope you are clean
best to leave a copy in the chest but do the restore clean up then investigate
did you google the hit?
Haven’t had time yet to do the upload ex chest to Avast but did check via Virustotal (by downloading the same file again from the Adobe site). Only three AV show this is a virus/trojan: Avast, GData and VB32. I don’t know Gdata but VB32 seems to flag everything, so I still think this is more likely to be a FP. Interestingly enough on Jotti Avast does not show anything.
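An added example, not part of any post in this thread: a scan of a freshly downloaded copy only says something about the flagged file if the two are byte-identical, so this PowerShell sketch compares the copy exported from the chest to C:\Suspect with a fresh download by SHA-256 and Authenticode status, without running either file. The path of the fresh download is an assumption; the file name and the C:\Suspect folder are taken from the posts above.

```powershell
# Added example, not from the thread. Paths are assumptions: the chest export
# in C:\Suspect and a fresh vendor download saved to a subfolder of it.
$flagged = 'C:\Suspect\Uninstall_flash_player.exe'
$fresh   = 'C:\Suspect\fresh\Uninstall_flash_player.exe'

function Get-FileEvidence {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    # Hashing and signature checks only read the file; nothing is executed.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Length    = (Get-Item -LiteralPath $Path).Length
        SHA256    = $hash.Hash
        SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$a = Get-FileEvidence -Path $flagged
$b = Get-FileEvidence -Path $fresh
$a, $b | Format-List

if ($a.SHA256 -eq $b.SHA256) {
    'Identical files: a scan result for the fresh download also applies to the flagged copy.'
} else {
    'Different files: a clean result for the fresh download says nothing about the flagged copy.'
    'Upload the exported copy itself, or search the multi-scanner for its SHA256.'
}
if ($a.SigStatus -ne 'Valid') {
    "Flagged copy has no valid Authenticode signature (status: $($a.SigStatus))."
}
```

Get-FileHash requires PowerShell 4.0 or later. Keep both files inside the excluded folder while the check runs so the resident shield does not move them back to the chest.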
Hello mouse,
I think you are probably right, upload to avast and they will correct it in a next update.
Thanks for diving into it, and reporting,
polonus
Thank you all for being so responsive.
Crow
I just scanned my downloaded copy of Uninstall_flash_player.exe and it does not pop up a virus warning.
I’m not able to get back to the infected system for a while to submit the infected file.
Hi crow, mouse, YoKenny,
Always before downloading check here: http://online.us.drweb.com/?url=1
So copy and paste the URL in this realtime checker against the servers of DrWeb.
You can also search using scandoo.com.
But use a realtime download link checker, because the site that was malware free last week may be abused the moment you start to download. Check and re-check is the word, and you all know the saying: “Curiosity killed the cat”,
polonus
P.S. “Crow, click the pic to see it larger”.
Hi polonus
Thank you very much for the very useful link…and for the very nice picture!!!
Crow