I have Winamp pro 5.61(cracked) installed on this machine. When I opened it it tried to check for a new version using it’s update server but it was blocked by Avast’s network shield (Avast Free 6.0.1000 - 110412-0) detecting it as infected. I’m trying to find the infection type but I can’t see the full link in Avast network shield and in Statistics I can’t see the site or infection type. I have heuristics set high on all shields and PUP scanning on, but the Network shield that found the virus has no expert settings. I think it’s possible for this detection to be a false positive. I need help getting a sample… since Winamp doesn’t update at every start up.
Hi can you copy and paste that update link here and then munge the link with something like hxtp or wxw so we can scan it for malware,
if you do not like to give that link, give us the domain or IP of the update server to see at malware domains if they are launching active malware at the moment, like Bagle for instance…
polonus
I would post the link but I can’t get it. The link is too long and can’t see all of it, last popup message is an update and in statistics I can only see the infection attempt. How do I get the link?
I meant the update link you clicked before you got the alert, copy and pastre here (munge to hxtp://etc.)
Did you update your avast virus definition and did you do a rescan, considering this issue?:
https://blog.avast.com/2011/04/11/false-positive-issue-with-virus-defs-110411-1/
polonus
From what I see you are not familiar with Winamp. I didn’t click on any link. I just opened the program and it does a background check to see if you have the latest version(see pic).
I saw that blog post earlier and I think it might be the cause for the detection. Avast was using that virus definition when it detected the link as infected, 10 seconds latter it updated to 110412. If I rescan it will most likely not find anything. Will do it to check anyways.
Edit: I will play with Winamp for a while and do a full scan… if nothing comes up it was probably a false positive from 110411-1. Thank you for your help.