system
1
Today when I turned on my machine and Windows XP loaded, Avast popped up with "suspicious file blocked":
Object: E:\games\quake2\quake2.exe
Infection: Win32:Evo-gen [Susp]
Action: Deleted
Process: C:\Program Files\Microsoft IntelliType Pro\itype.exe
The threat was detected and blocked just before the file was opened.
So I have 3 questions about this:
1. The quake2.exe file has been on my machine for years and was not infected before, so has a virus somehow altered the file on me (which could be a severe problem if it starts doing it to other files), or is this a false positive?
2. Is it default behaviour, and in any case is it recommended behaviour, for Avast to automatically delete a file like this? It didn’t even ask me to. That’s OK for this, but if one day Avast loads up with 1000 FP’s, or even 1000 real detections, I don’t want it to obliterate my files without giving me any chance to do anything.
3. What does it mean by the “Process” being itype.exe? Is “Process” the program that is accessing the file, and “Object” is the file?
Thanks
Pondus
2
1. The quake2.exe file has been on my machine for years and was not infected before, so has a virus somehow altered the file on me (which could be a severe problem if it starts doing it to other files), or is this a false positive?
It is not detected as a virus ... but as suspicious.
Have you tested the file at www.virustotal.com?
You can upload files and report issues to the Avast lab here: http://www.avast.com/contact-form.php (change the subject according to your case).
You can use mail:
Send to virus@avast.com in a password-protected zip file.
Mail subject: False Positive / undetected sample (select the subject according to your case)
Zip password: infected
Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21