Win32:Searches-E

Viruses and worms
1

Hello,

I registered to the forum, because I can’t find any information about a virus (trojan), my virus scanner Avast 4 found just this morning. The name is “Win32:Searches-E [trj]”.
A rather old .exe-file (from 2003) in the programs directory was infected (“LiveMusic.exe”), as well as (the correspondend?) Windows restore file in the System Volume Information directory.

Does anybody have a clue?

Regards
befo

2

Extract the file from the Chest to the desktop and upload to VirusTotal for analysis. (You’ll need to temporarily disable avast! while doing this.)

3

Avast also detected one program of mine with this virus. I scanned it online using http://virusscan.jotti.org/ and only Avast and G Data found the virus. Is it possible that it’s a false positive? I could not find any method to clean the infected file. Thank you for any help.

4

Highly possible as GData uses avast as one of its two scanners.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

However, I would suggest you upload it to VirusTotal - Multi engine on-line virus scanner (36) and report the findings here the URL in the Address bar of the VT results page.

5

Hi, i’ve just had the same reading from my scanner about a file that was fine, and it now reads Win32:Searches-E

http://www.virustotal.com/analisis/520fe1108aee075a448152b00a28578e

that’s my virus total scan results. hopefully you’ll be able to help me.

6

Hi mcgrailka,

Well I think this to be a false positive of sorts. Forward the file to avast, and hopefully a new update no longer flags it,

polonus

7

hi polonus,
thanks for the quick response, i will forward it on to them.

Cheers,
Karel

8

FP, should be fixed in the latest vps. Sorry for any inconvenience.

9

Thanks to all participants who joined in producing a satisfying answer to my problem - much faster than I was able to react.
:slight_smile:
befo

10

Welcome to the forums.
This is not unusual for the avast forums ;D