Win32:StartPage-685 [Trj]

my microsoft access database (MDB file) was infected by
Win32:StartPage-685 [Trj] as reported by avast.home edition

can anyone help me clean it without deleting the file?

thanks…

How big is this file ?
If less than 10MB you can confirm the detection at the site below.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

thanks for your tip, DavidR. anyway, here is the result of the VIRUS TOTAL analysis:

File size: 6688768 bytes
MD5…: 3871f4e43b30937979a004a48c22887a
SHA1…: 7b58e79f286ab0e195126ba00af07c57eeddb413
SHA256: 0f9cd573f86d13b0a5fa26a17e26867d9430f74fe916d40c559abdd54e436b29
ssdeep: 49152:VP1/cYv/Eh9NAUanDeNwVjnf5IpUuG5tvnzayFfK3:VPlt/ELNCeNojfsUuGzPDFf2

PEiD…: -
TrID…: File type identification

PEInfo: -
PDFiD.: -
RDS…: NSRL Reference Data Set

;D the result is very cryptic to me. i hope you can give some idea on the meaning of those results.

also, i just wonder why, of the many anti-virus scanners, only avast and gdata discovered win32:startpage-685 virus.

once again, thanks!

Gdata uses avast as one of its two scanners, so combined adds up to one detection which means it is likely to be a false positive detection.

You should have posted the URL of the VT results page, makes life easier all round.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic and the VT results URL might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

If it is indeed a false positive and it looks that way, send a copy of the file to the User Files section of the chest (if it isn’t already in the Infected Files section).

Add it (full path and file name) to the exclusions lists:
Standard Shield, Customize, Advanced, Add
and
Program Settings, Exclusions (right click the avast ‘a’ icon)

Restore it to its original location (if in the Infected Files section), periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

thanks for the info on the relationship between avast and gdata.

MD5…: 3871f4e43b30937979a004a48c22887a
SHA1…: 7b58e79f286ab0e195126ba00af07c57eeddb413
SHA256: 0f9cd573f86d13b0a5fa26a17e26867d9430f74fe916d40c559abdd54e436b29

i uploaded md5/sha1/sha256 data to VIRUS TOTAL and all the same only avast and gdata reported the infection.

i assume this must be a false positive.

anyway, since avast removes the infected database file (which is not what i want), what i did was to copy the tables of the infected database to a new database.

i scanned the new database and avast did not report win32:startpage-685 anymore.

once again, thanks for your support…

No problem, glad I could help.

Let’s be clear, avast doesn’t remove anything, it alerts to infection and gives options for the user to select, it doesn’t take autonomous action. So what option did you select, move to chest (best and safest), move/rename, repair, delete ?

Depending on the option ‘you’ selected and avast carried out it may be possible you still have the mdb file. Presumably you still have this file or how could you have uploaded it again to virustotal; the MD5 is a unique file identifier and both you reported are identical; this means that it was the same file. So hopefully you can see why we ask for the URL of the results rather than a small element of the results, which also stops the need for you to copy and paste every time…

Welcome to the forums.