Win32:PurityScan-Z [Trj] found in IceSword

I was downloading IceSowrd (supposidly a RootKit detector) and before the download finished Avast found the Win32:PurityScan-Z [Trj] Trojan in it. Is this a false positive?

What was the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Perhaps part of the detection mechanism of icesword.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

Well, the alarm happened before my download finished and I let it cancel the download so I have no file to send in. The
link to the download is:
http://www.xfocus.org/programs/200507/18.html

I have read a fair amount about IceSword which is why I thought this may be a false but outside of that I have no idea.

My Avast ver is:
4.7 Home Edition
Build: Aug2006 (4.7.871)
VPS File:
Compilation Date 9/13/06
Filve Version: 0637-1

I can download it again and try scanning with the other methods you mentioned. Although it didnt seem like Avast would let me…havent had this happen before. The only option was to abort the download but I did not click on the X to close the alert.

You can pause the web shield provider, that will at least let you download it. However, Standard Shield may then detect it but at least you will have it on your HDD and be able to investigate it and or send to avast.

You can check the avast Log Viewer, Warning section, it should have some more information.

that web site is dangerous:

http://www.siteadvisor.com/sites/xfocus.org?ref=safe&aff_id=0

:slight_smile: Hi Joe ( and any others ) :

 For the SAFEST site to download Ice Sword AND for
 instructions in English on HOW to use the program :

www.castlecops.com/t165203-IceSword_Instructions_in_English_Illustrated.html .

Thats interesting. The castlecops link goes to xfocus.net which i s how I got to the .org site. Although I did not find exactly what I was looking for since I got their x-scan instead of icesword like the castlecops dl was for. Avast had no problem with the icesword dl.

Its interesting that they have so much malware (according to the mcafee link…and I suppose my Avast). Makes me kind of skepticle of icesword…although i have read many good things about it.

Thank you all for your help!!!