When Rufus finished, Avast automatically claimed to have found WIN32:vitro
on the USB stick inside the Linux pathways but there is no file called linux nor any
linux without extension. It's possible to put this file into virus chest but delete from
Avast on USB makes no difference:
E:\KNOPPIX\bootonly.iso|>boot\isolinux\linux
Ideas on what’s going on since vitro is a highly destructive thing!
The Knoppix iso file is 4.2Gbyte, yes I had prior already tested (sorry for not mentioning that) all files in that last (isolinux) map of the installed USB image Avast detected in VT, all went green. But is this “linux” a hidden map/file? Shouldn’t Avast say something like, linux.xxx are infected by WIN32:vitro or map linux has a file file.xxx that’s infected rather than just linux!?
This, the above, makes it likely this could indeed be a FP. This thread in the given link (which is rather recent) seems to suggest that the detection of this virus in a Knoppix ISO is a false detection. Even if the virus were really present in the ISO and you installed and used the operating system, it’s not likely that it would damage the Knoppix OS installation.
Well the booting as a “live disk” on a Windows machine could change things to make them look slightly different.
Always good to check your image using md5 to rule out hacks.
But the final verdict can only come from an avast team member, so wait for one to appear and come up with a conclusive answer,
as avast team members are the only ones that are entitled to give that answer with authority, as win32:vitro is a very serious and often irreparable infestation of the Windows OS. We aren’t to treat that detection lightly and we won’t.
polonus (volunteer website security analyst and website error-hunter)
If it does I just kill MBR and wipe out the directory chains. That ought to do it.
Always good to check your image using md5 to rule out hacks.
Either one (md5 or SHA256) will do, I reckon, given the well-known source of the file.
Well the booting as a "live disk" on a Windows machine could change things to make them look slightly different.
But the final verdict can only come from an avast team member, so wait for one to appear and come up with a conclusive answer, as avast team members are the only ones that are entitled to give that answer with authority, as win32:vitro is a very serious and often irreparable infestation of the Windows OS. We aren’t to treat that detection lightly and we won’t.
Indeed, my biggest concern was my Win7 machine on which I made the Knoppix image (have not booted the image on this machine due to Avast alarming). What concerns me is that Avast is not presenting the file name and extension, just linux. But yes I will wait for final verdict.