Hi, I booted up the PC today and as soon as the desktop loaded avast flagged up a warning: detected Win32-Trojan-gen(other) in program files\yahoo\search protection\search protection.exe.
This is a first-time detection in Yahoo. I have had Yahoo for some time, years now (same program, never changed it), and nothing has ever been picked up before by avast. I did a FULL scan with Malwarebytes, Spybot and Spyware Terminator: NOTHING. Could this be a false positive?
Running Windows XP SP3, all updates installed.
The detections named Win32-Trojan-gen(other) are generic detections. It may be a false positive (maybe the .exe file is really infected). So before being sure, send the file to VirusTotal and see if any other AVs detect it. You can send the file to the Avast team as a false positive via the chest if you are sure that it is clean.
Thanks for the quick reply back! OK, I will do what you suggested. I have sent the file to avast just now and will now also send the file to VirusTotal.
Just as a precaution I have deleted Yahoo Search Protection from Add/Remove and turned off System Restore, and will reboot and re-scan again with avast. I'll get back to you, thanks.
( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 1536:OqPTWZeqHDkIfk2DyuV591iwXg1MP4+nf1p:OqP0CMPL
PEiD : -
RDS : NSRL Reference Data Set
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Yes, none of them. Now we can believe that it is clean. Btw, if you’re lucky, avast! team will exclude it from the database in a short time. Otherwise you’ll have to exclude it in both standard shield and program settings manually because sometimes avast! team doesn’t examine the files submitted by users at all. ;D
It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.
Also I find this somewhat of a strange issue, given the location and file name “program files\yahoo\search protection\search protection.exe.” This to me implies that there is some form of scanning possibly and it may be this which the win32:Trojan-gen is picking up on.
The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
VT is automatically updated afaik. A maximum of 1 update can be missed on VT at this time, I think?
On Jotti and VirScan.org, I used to have strange results. On Jotti, G DATA didn’t detect many files when avast! detected them (now they removed G DATA). On VirScan many AVs didn’t detect some files even though they detect them in real life. I even sent the eicar test file, but got a similar result. ;D I dunno about how these two sites work now, though.
So generally I don’t trust them 100%, but VT hasn’t given me such results so far. And some time ago I sent there a virus which avast! didn’t detect at that time; in VT avast! detected it. Then I updated my avast! and it also detected it. Therefore the AVs on VT are updated very quickly imo. There must be some other factors causing such situations.
Yes, I think the Yahoo Search Protection is a type of scanning as it is always resident in the task manager, but not anymore. I’ve uninstalled it, never used it anyway, and I like to be safe. I hate extras like toolbars and search thingys!!
Thanks to you both for the replies back. It's late here, 2.30am, sorry about the missing bit in the last post! Going to bed.
I don’t know what they use. (Btw I just realized that Jotti has G DATA again.) I didn’t know that VT has some update issues coz my experience didn’t tell me so.
Anyway, thanks for the clarifications David, Tech.