My VPS version was 0645-4, 03/11/2006. When I scanned my files with thorough scan, I found that I’ve got a Trojan Horse.
My warning log contains:
05/11/2006 11:06:51 Welly 2220 Sign of “Win32:ShareAll-H [Trj]” has been found in
“C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe[ASPack]” file.
I’ve checked the file on http://virusscan.jotti.org/ and the result was infected by Trojan-Spy.Banker.69 (detected only by VBA32)
Seems a false positive.
As a workaround, please, add the file to the Standard Shield exclusion list untill you can receive new virus database (vps) updates.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner , this uses the Windows version of avast and has a greater number of different scanners, 27 at last count.
Additionally, please pack the misdetected executable into a password-protected ZIP or RAR and send it to virus@avast.com, please (with a “False positive” subject, for example).
The new VPS still detecting it as a trojan ( 0646-0, 06/11/2006 ). I’ve tried VirusTotal and it gave the same result :
Avast → Win32:ShareAll-H
VBA32 → suspected of Trojan-Spy.Banker.69 (paranoid heuristics)
the VPS of 1st November (0645-0) picked up ShareAll-H in SysMech6.exe for me,
and I got the same result as you when using the multi-scan, VBA32 found Spy.Banker.69 (paranoid heuristics), and commented “possibly infected/malware. Might be false +ve”.
Still not good for the blood pressure when you think you are clean!
I have SysMech6 locked in the Chest until safe to let it out to play…