I got a virus named Win32:Trojan-gen {VC} and I can't get rid of it. If I try to delete it or move it to the chest, avast says “The operation is not supported for this type of archive”
The filepath is: C:\WINDOWS\Installer\5256.msi\ISSetupFile.SetupFile5
(I have the latest version of avast)
I suggest a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can analyze them further.
When I use the boot-time scan, avast doesn’t find any viruses.
Did you check the ‘archive’ option, i.e., are you scanning archives at boot time?
Archives are scanned but nothing is found.
What is reported if you submit C:\WINDOWS\Installer\5256.msi file to www.virustotal.com ?
Antivirus Version Last Update Result
AhnLab-V3 2008.4.4.1 2008.04.07 -
AntiVir 7.6.0.81 2008.04.07 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.07 Win32:Trojan-gen {VC}
AVG 7.5.0.516 2008.04.06 -
BitDefender 7.2 2008.04.07 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.07 -
DrWeb 4.44.0.09170 2008.04.07 Trojan.WiFiKill
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.07 -
F-Prot 4.4.2.54 2008.04.07 -
F-Secure 6.70.13260.0 2008.04.07 -
FileAdvisor 1 2008.04.07 -
Fortinet 3.14.0.0 2008.04.07 -
Ikarus T3.1.1.20 2008.04.07 -
Kaspersky 7.0.0.125 2008.04.07 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.06 -
NOD32v2 3006 2008.04.07 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.07 -
Prevx1 V2 2008.04.07 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.07 -
Sunbelt 3.0.1032.0 2008.04.07 -
Symantec 10 2008.04.07 -
TheHacker 6.2.92.266 2008.04.05 -
VBA32 3.12.6.4 2008.04.06 Trojan.WiFiKill
VirusBuster 4.3.26:9 2008.04.06 -
Webwasher-Gateway 6.6.2 2008.04.07 -
Additional information
File size: 6689280 bytes
MD5…: 1fa2821b311b9e2ec22e94a633a427ec
SHA1…: d2b699e735d7be8f22defc2e9bd0fec89ee4d243
SHA256: eec5565bc966908a432c8f560522b55838bad422ad7ab0038b290f31f50714b0
SHA512: 036129e7617ba0341daed8d7099157ea31d2ce6a9ce7e47bbb19517f30076fce
a80e50d313ad0f98591bc93efb683f5d8442beb72ccde85613682de783fb3c12
PEiD…: -
PEInfo: -
Indeed seems a false positive… hope they correct it soon.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
Please send us the file “5256.msi” to virus@avast.com in a password-protected archive. In the email subject, please write “false positive” without quotes.