We’re using 4.8 SBS version. Yesterday two PCs were flagged as being infected here: “C:\Program Files\QuickTime\qttask.exe” (the only two that had QuickTime installed). Now today virtually all our Dell PCs are infected in two places:
“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [file is dated 2004]
My own Dell laptop (on the same network) is reported as fine.
I’d like to upload the file from the chest to http://www.virustotal.com/ but if I move onto the “infected” client PCs (the user is still logged on without admin rights), start avast, enter the ADNM password, add a folder to be excluded - it seems to keep forgetting that I’ve added the folder (i.e. if I go back into avast there are no exclusions). So when I extract the file to the so-called excluded folder - avast keeps putting the file back into the chest.
avast4 - Create a folder called Suspect in the C: drive. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Where have you added this folder (not advisable as it leaves a hole; exclude only the file)? The avast Settings, Exclusions is only for on-demand scans. So if it is the Standard Shield alerting, you need to exclude it there.
I can’t get the advanced interface to work (always works fine on a standalone PC at home, but not on an ADNM managed avast). But I logged in with full admin rights on a PC - and it now remembers to exclude the directory, so it’s not a problem.
Anyway after uploading to VirusTotal it’s only been flagged as a virus with Avast, Avast5 & GDrive. So it looks like a false positive (phew!). Here’s the link…
Perhaps this exists on the avast site somewhere - but it would be nice to get a realtime (within reason) list of false positives. I’m guessing that anybody with 4yr old Dell Optiplexes running XP & Avast is in the same position as us? i.e. Worried!
Sorry I don’t use the ADNM product, so I don’t know how you would go about this on the ADNM system, presumably it has its own client AV as the ADNM is just a management function.