Win32:Malware-gen...False Positives?

Hi,

First, I keep a very clean system running multiple AV/AS protections, use a hard & soft firewall & am very careful where I go online.

Tonight, Avast picked up the following after SuperAntiSpyware was clean.

Infection: A0012663.exe
Location: C:\SystemVolumeInformation_restore{…}\RP93
Virus: Win32:Malware-gen

Infection: Inchtour.exe
Location: C:\ProgramFiles\MicrosoftWorks
Virus: Win32:Malware-gen

I have since scanned with Avast again & MBAM & came up clean. The infections are in the chest.

I did need to download some PDF & Word email attachments today from schools. I scanned the files & they came up clean. I also ran 3 different full scans after I downloaded the docs from one school & all was clean. I then downloaded docs from the 2nd school, which is a college, & ran some scans & came up clean. Not sure if I ran Avast at that time. I did run Avast a few hours later & that’s when it picked up the infections.

Any thoughts?

Thanks!

Hi,

Please follow the advice on this thread regarding possible false positives.

http://forum.avast.com/index.php?board=2;action=display;threadid=7779

Thanks Frank but I am not a big fan of using such online scans & uploading my files to such services. Like I said, I am extremely cautious online :slight_smile:

I was hoping that avast could tell me if it was an fp.

Also, I have in the past sent Avast potential FP’s & never received a response. This happened more than once if memory serves me :frowning:

I am a bit unclear on how such a service would work as well. For example, I believe that inchtour is a normal MS Works file so how would uploading it to an online scanning service let me know if it was infected?

If it’s clear in the email that it’s a false positive, I believe the sample is given priority and definitions updated if it is confirmed.

But if you want a response, other AV companies are miles better. :wink:

http://analysis.avira.com/samples/index.php

A nice, easy to use form from Avira. But hey, beggars can’t be choosers. I use Avast free version.

I hope someone from Avast will let me know in this forum if these are fp’s.

I will try to email them as well. The method of sending Avast detections is not clear to me. There is an easy way directly from the logs, I think.

For example …

"Pack the “infected” file into ZIP archive and lock it with password “virus” "

I have no idea how to lock a zip file or how to safely get potentially infected files into a zip.

Even if you manage it, many ISP’s won’t send .exe’s, even zipped.

I think there is a way to send suspected false positives from the chest. That’s probably the best way.

I’m getting this as well.

inchtour.exe. win32:malware-gen

For some reason Avast won't let me send an email when I right-click on the file in the chest. It's unresponsive.

FWIW I downloaded FFDShow from free-codecs.com today just before Avast picked it up, however it was also right after a virus definition update, and during a MBAM scan

the file was found in C:\ProgramFiles\MicrosoftWorks

I got a similar virus alert yesterday regarding Microsoft audioconverter.exe, put the file in the Virus Chest and did a boot scan to make sure everything was clean. This morning after the Avast update I scanned the file again and all is clear, so I’ve restored the file on the assumption it was a false positive yesterday (especially judging from all similar reports on here in the past 24 hours).

Anybody else experiencing this?

A win32:malware-gen in msworks.exe was flagged on my PC today. The only thing I’ve installed recently is Microsoft’s converter pack to allow me to open new MS Word .docx documents with an older version of Word. I’ve moved msworks.exe, which I have never used anyway, to the chest. This does sound like a false positive. Any ideas ?

Pete

Well, I tried emailing the infections via the “email Avast” option from the chest & nothing appeared to happen, any suggestions?

I have restored the files & am rescanning but I believe I already had the most current version of Avast when it detected the infections. We’ll see what happens…

Bad News!

Like I said, I restored the files & the infection is still being detected.

Anyone from Avast here that can help?

Well…Avast just updated so I figured they may have fixed the possible fp problem. I restored the files & they were still detected as infections. Since I restored the files, I was however able to access them to upload them to Jotti & VT. However, after submitting the files, I was told that the files were empty containing 0 bytes of info.

I went into C/:ProgramFile/MSWorks/Inchtour, clicked properties, looked around & as I closed it by clicking “OK”, I was told that I could not make changes as the file was in use or read only so I used “cancel” to escape. When I again went into MSWorks, there was a shortcut icon to “Inchtour” that was created adjacent to the “Inchtour” icon. I did not create a shortcut so I deleted it.

I again put the “Inchtour” file in the chest. Any other suggestions?

Still no fix after the update. It's weird that we can't get the ‘email avast’ thing to work yet others can.

Still no fix after the update. It's weird that we can't get the 'email avast' thing to work yet others can.

I am told that is normal.

Also, on another subject…I cannot upload the file to Jotti or VT as I am told that the file is empty or is 0 bytes. I don’t understand. It was suggested in another forum that my firewall may be responsible but I have never had a problem uploading a file before. It was also suggested that it might be a result of malware. (This was on bleepingcomputer.com)

Are you referring to not being able to email?

Yes Jason…

Also, just an update…

I was able to upload the Inchtour.PIF, which is an apparent shortcut to the Inchtour.exe file, to Jotti & VirusTotal.

I was not able to upload the original Inchtour.exe file however. When I went to the properties of the Inchtour.exe file, an Inchtour icon shortcut was created automatically. This is a shortcut to “an msdos program” as it’s stated in the properties of the shortcut. In the properties of this shortcut, it is also indicated that it’s a shortcut to the Inchtour.exe. I am able to upload this file to the online scanners but when I upload the original Inchtour.exe file directly, it comes up as 0 bytes, although the file size is 3.92.

I hope this makes sense. If not, please reread as I don’t know how else to explain it :slight_smile: Thanks!

Because avast is blocking the upload.

Create a folder called Suspect in the C:\ drive.
Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder and allow it to be uploaded to VT.
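As an added example (not posted by anyone in this thread and not Avast's own tooling): a small Python script that checks a suspect file before it is submitted anywhere. It compares the size reported by the file system with the number of bytes actually readable, which is the "0 bytes although the file size is 3.92" symptom described above, and it computes the SHA-256 and MD5 of the file so the sample can be looked up on VirusTotal or Jotti by hash without uploading the file itself. The sample files it writes are constructed for the demonstration; the `C:\Suspect` folder name is taken from the post above and is only used as a label here.

```python
import hashlib
import tempfile
from pathlib import Path


def inspect_sample(path):
    """Report size on disk, bytes actually readable, and hashes for one file.

    A real-time shield that blocks reads shows up either as a PermissionError
    or as fewer bytes read than the file system reports; both cases are
    flagged so the user knows an upload of this file would be empty.
    """
    p = Path(path)
    size_on_disk = p.stat().st_size
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    bytes_read = 0
    error = None
    try:
        with p.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                bytes_read += len(chunk)
                sha256.update(chunk)
                md5.update(chunk)
    except OSError as exc:  # PermissionError is a subclass of OSError
        error = f"{type(exc).__name__}: {exc}"
    return {
        "path": str(p),
        "size_on_disk": size_on_disk,
        "bytes_read": bytes_read,
        # True when the file is non-empty on disk but could not be read in full
        "read_blocked": size_on_disk > 0 and bytes_read != size_on_disk,
        "error": error,
        "sha256": sha256.hexdigest() if error is None else None,
        "md5": md5.hexdigest() if error is None else None,
    }


def write_constructed_samples(folder):
    """Create two constructed test files: one with content, one empty (0 bytes)."""
    folder = Path(folder)
    full = folder / "inchtour_sample.bin"      # constructed stand-in, not the real file
    full.write_bytes(b"abc")                   # constructed content
    empty = folder / "empty_sample.bin"
    empty.write_bytes(b"")
    return full, empty


def demo():
    """Write the constructed samples into a temp folder and inspect both."""
    with tempfile.TemporaryDirectory(prefix="Suspect_") as tmp:
        return [inspect_sample(p) for p in write_constructed_samples(tmp)]


if __name__ == "__main__":
    for report in demo():
        print(report["path"])
        print(f"  size on disk : {report['size_on_disk']} bytes")
        print(f"  bytes read   : {report['bytes_read']}")
        print(f"  read blocked : {report['read_blocked']}")
        print(f"  sha256       : {report['sha256']}")
        print(f"  md5          : {report['md5']}")
```

Run it once against a copy of the suspect file (after placing the copy in an excluded folder such as the `C:\Suspect` described above) and again without the exclusion: if `bytes_read` is 0 or an error is reported while `size_on_disk` is not, the shield is still intercepting reads and any upload will be empty. Even when the file cannot be uploaded, the printed SHA-256 can be searched on the online scanners, which is enough to see whether other engines have already classified that exact file.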