WIN32:OPAS-A-FSG[WRM]

Earlier this afternoon avast found virus win32:opas-a-fsg[wrm]. I put this into the virus chest and later, having updated the virus definition to 0438-1, ran another scan.
The result of this scan was no virus found.
Should I have removed the virus from the chest to allow it to be seen?
Can the file be deleted?
I also ran virus cleaner, which also found nothing.
Excuse me for not saying hello all! at start of message, first time posting.
Thanks for any help you may give,
Mal

It could be you had a false positive. What file is/was infected and what was its original location?

Hello Eddy,
thanks for quick response.
original file was c:\documents and settings
original file name keygen.exe
Mal

As long as the file is in the chest Avast will prevent the system from accessing it.
Looking at the name of that file I would say it is malware. Please scan the file at JOTTI and let us know the results.

Hi Eddy,
I seem to be stuck with JOTTI’S. I put in file name keygen.exe and submitted but
stays at uploading file. no movement at all.
Mal

Mal76

I put in file name keygen.exe and submitted but stays at uploading file. no movement at all.
Remember, that file could be anything from a simple program to a can of worms.

On Jotti’s site did you click on “kiezen” and then browse to the file to select it, or did you just type in the name of the file?

Eddy,
I typed in keygen.exe and also tried win32:opas-a-fsg[wrm]
I did not click on kiezen.
The original folder name goes through c:\documents and settings on down to power dvd1856

Well you have to choose “kiezen” and then browse to the file to select it. Then it will be uploaded to Jotti and the scan will begin.

I do not see kiezen

Eddy, I have tried again following your suggestion. that was keygen then browse
JOTTI’S then scanned and said status OK, packers none.
Mal

What now with virus in chest, am I able to remove this? It says cannot be restored, or can “vrdb” do anything.
Mal

See the picture.

  • Click on button 1
  • browse to the file and select it
  • click on button 2
  • Tell us the results. Do other av applications detect it as infected or not?

That Jotti scan will give us a pretty good clue whether it is a false positive or not. When we know that, we know if we should delete it or that we have to take other actions.

Eddy,
following your earlier suggestion I did manage a successful scan from JOTTI’S
It reported status ok and no packers found.
The original folder this was in was a power dvd programme which was in a folder where I keep programmes and shortcuts. I do not need this power dvd programme so I have deleted it.
Having done so I went into virus chest and looking at the item in virus chest under virus info it says (no virus)
Do you think it's ok to delete it?
Thanks for your patience with me.
Mal

Yup, it is safe to delete it. Looks like a false positive with vps 438-0

Thanks so much Eddy I’m off to bed now sorry misunderstood kiezen (Browse)
goodnight thanks again Mal

I do not think it is a false positive. Mal76 may have been playing on-line games like Half Life, Battlefield 1942, etc. There have been reports of worms being propagated at these sites.

This worm is also spread by using KAZAA.

A google search for keygen.exe produced this:

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=keygen.exe&btnG=Search

Hello CharleyO,
just to let you know that all is ok now, no virus found whatever I scan with. I never play games and have never used kazaa.
Thanks though for your input.
Mal76