Win32:ShareAll-H [Trj]

Hi,

My VPS version was 0645-4, 03/11/2006. When I scanned my files with a thorough scan, I found that I’ve got a Trojan Horse.

My warning log contains:
05/11/2006 11:06:51 Welly 2220 Sign of “Win32:ShareAll-H [Trj]” has been found in
“C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe[ASPack]” file.

I’ve checked the file on http://virusscan.jotti.org/ and the result was infected by Trojan-Spy.Banker.69 (detected only by VBA32)

Your help would be appreciated

cengliong

Seems a false positive.
As a workaround, please, add the file to the Standard Shield exclusion list until you can receive new virus database (vps) updates.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner, this uses the Windows version of avast and has a greater number of different scanners, 27 at last count.

Additionally, please pack the misdetected executable into a password-protected ZIP or RAR and send it to virus@avast.com, please (with a “False positive” subject, for example).

The new VPS is still detecting it as a trojan (0646-0, 06/11/2006). I’ve tried VirusTotal and it gave the same result:
Avast → Win32:ShareAll-H
VBA32 → suspected of Trojan-Spy.Banker.69 (paranoid heuristics)

I’ve just sent the file to virus@avast.com

Hi cengliong,

the VPS of 1st November (0645-0) picked up ShareAll-H in SysMech6.exe for me,
and I got the same result as you when using the multi-scan, VBA32 found Spy.Banker.69 (paranoid heuristics), and commented “possibly infected/malware. Might be false +ve”.

Still not good for the blood pressure when you think you are clean!

I have SysMech6 locked in the Chest until safe to let it out to play…

Newer VPS (646-2, 07/11/2006) gives a clean result. Let us wait for VBA32 to update its database.

Well, we’re not that bad :wink:

My friend once said VBA32 is very good at detecting trojans. If its new database gives a clean result, then should I take it as if my file is safe?

Most probably… but, after all, as you’ve done before, the better option will be submitting the file to on-line scanners.

OK, thanx…