Hi,
I have a relatively new WinXP PC and noticed it running strangely. I ran a manual scan. Avast picked up this Trojan virus in the Google video program of all things! Does anyone have a clue on why this would be in there?
Avast successfully transferred to chest, and I deleted it from there, no prob… Thanks Avast!
But, why didn’t the active monitoring pick this up? I would have downloaded Google Video Client months ago. I run automatic updates and it runs in the background from start up.
Without putting words into polonus’s mouth, I believe it is because you mentioned Google; there are lots of Hosts entries relating to Google in that link. What that is doing is redirecting any Google URL to another site, ‘69.31.81.22’.
However, it is unrelated to your issue with a false positive detection, so I think polonus misread your post.
For the future, deletion isn’t a good first option (you have none left); send it to the chest and investigate. From the chest it can be restored, or deleted later as required.
Hello, I also got the Win32 Pakes - CH (trj) in Aworld.exe and it removed both my Activeworlds and also Stage Coach Island. These are the only two programs that it affected, so my guess is that it may have caught something AW was doing, and I have read up on this Win32 Pakes; it seems to be pretty malicious. Yes, I have had some problems, and the funny part… This will really get to you. I have an older installer that requires AW updates; the program works on install of this one and the first update. After the 1st, the second update is where the Win32 Pakes comes in. Seems they have written it into the code of these updates, and apparently they use it to spy on users in AW.
Hello, I also got the Win32 Pakes - CH (trj) in Aworld.exe and it removed both my
Activeworlds and Also Stage Coach Island.
I assume that by removed you mean deleted?
Well, whilst this is a real pain in the rear, it is a valuable lesson that deletion isn’t a good first option: ‘first do no harm.’ avast! doesn’t delete; the user selects the action or, depending on the version, can set up automated actions, so avast didn’t delete it. The most common recommended action is to send it to the chest. That way you can:
1. Investigate it as you are doing now.
2. Send it to virus @ avast.com if after investigation you think it is a false positive detection.
3. Restore it if note 2. is true.
4. Delete it later after a period of time with no adverse effects of it being moved to the chest.
If you haven’t deleted the detected files this time round, you could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner, or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan; it will need to be temporarily removed from the standard shield exclusions, otherwise it won’t be scanned). When it is no longer detected, you can also remove it from the program settings exclusions.
Also see (Mini Sticky) False Positives