vbs redlof


jessiejames

I have a virus that only avast catches. It is from the file (sysclean.com) I
downloaded from Trend. I have run adaware, spybot & stinger in safe mode with
system restore off & after restarting the same virus pops up. Avast
catches it & I have checked all the boxes to delete, repair, rename & move
to chest but nothing happens. I still have the same problem.
Thanks for any help or info that might solve this problem
 
jessiejames said:
I have a virus that only avast catches. It is from the file (sysclean.com) I
downloaded from Trend. I have run adaware, spybot & stinger in safe mode with
system restore off & after restarting the same virus pops up. Avast
catches it & I have checked all the boxes to delete, repair, rename & move
to chest but nothing happens. I still have the same problem.
Thanks for any help or info that might solve this problem

Yeah, I saw the same thing. I think that moving the files to the
virus chest deletes them from the folder. Then, if you try to run
sysclean.com again, sysclean.exe is extracted/generated again and
Avast detects it ... again. If it's a problem it belongs to trend
micro. I'm off to their site to ask a question or two.

Does any other AV program have the same reaction?
 
jessiejames said:
I have a virus that only avast catches. It is from the file (sysclean.com) I
downloaded from Trend. I have run adaware, spybot & stinger in safe mode with
system restore off & after restarting the same virus pops up. Avast
catches it & I have checked all the boxes to delete, repair, rename & move
to chest but nothing happens. I still have the same problem.
Thanks for any help or info that might solve this problem

jj,
I too had the vbs redlof warning from Avast when I ran sysclean, but read a
response from David Lipman here that explained this as a false positive by
Avast. I followed his advice to this OP and disabled Avast to run sysclean,
and it was good advice. No doubt David will add his weight to this.

dfrog
 
| On Sat, 05 Mar 2005 16:05:22 GMT Ernie B. wrote:

| Answering myself but the Avast forum has some information at
| <http://forum.avast.com/index.php?topic=4070.0>. Apparently a false
| positive, surprising that it hasn't been fixed in the past year.
| --
| Ernie B.

| Communication: The art of moving an idea from one mind to another,
| hopefully without distortion.

Fascinating that you wanted to put the blame on TrendMicro first. It is and has been a
False Positive declaration problem with AVAST for a while. Ian Kenefick and I had to
convince someone on Jan 27th in the Microsoft Virus News Groups that this was the case. It
is nothing new. It has to do with how AVAST (or any AV software) scans a file for the
"fingerprints" of an infector. AVAST found the signature in SYSCLEAN.COM (which is a self
extracting EXE file) and declared it as infected. The problem is it flagged the signature
and not the infection.
 
| jj,
| I too had the vbs redlof warning from Avast when I ran sysclean, but read a
| response from David Lipman here that explained this as a false positive by
| Avast. I followed his advice to this OP and disabled Avast to run sysclean,
| and it was good advice. No doubt David will add his weight to this.

| dfrog


:-)
 
| Fascinating that you wanted to put the blame on TrendMicro first.

Yeah, well... When I download something and try to run it, and it
sets off alarms I naturally suspect whatever I downloaded. Silly
quirk of mine.

| It is and has been a
| False Positive declaration problem with AVAST for a while.

I discovered that when I did a search in the Avast forum.

| Ian Kenefick and I had to
| convince someone on Jan 27th in the Microsoft Virus News Groups that this was the case. It
| is nothing new. It has to do with how AVAST (or any AV software) scans a file for the
| "fingerprints" of an infector. AVAST found the signature in SYSCLEAN.COM (which is a self
| extracting EXE file) and declared it as infected. The problem is it flagged the signature
| and not the infection.

Okay, thanks for the explanation.
 
Ernie B. said:
On Sat, 05 Mar 2005 16:05:22 GMT Ernie B. wrote:

Answering myself but the Avast forum has some information at
<http://forum.avast.com/index.php?topic=4070.0>. Apparently a false
positive, surprising that it hasn't been fixed in the past year.

Whenever a file is "detected" by Avast! (or any single AV scanner) it is
a good idea to get additional opinion scans from other scanners (like at
the "virustotal" site) - the 'right' conclusion if only one detects
malware in a file is usually that the one is FP'ing (not that it is the
only one doing its job). This also illustrates why having any AV scanner
delete without asking first is a bad idea. What if you were working on
an important document and the AV trashed it cause it thought it was
malware? Having some on-demand scanners laying around does not impact
performance at all, and allows you to get other opinions without going
to the online scanners.
 
| Whenever a file is "detected" by Avast! (or any single AV scanner) it is
| a good idea to get additional opinion scans from other scanners (like at
| the "virustotal" site) - the 'right' conclusion if only one detects
| malware in a file is usually that the one is FP'ing (not that it is the
| only one doing its job).

Good point. Earlier research at a user forum would have saved
confusion in this case also.
 
David H. Lipman wrote:
[snip]
Fascinating that you wanted to put the blame on TrendMicro first. It is and has been a
False Positive declaration problem with AVAST for a while. Ian Kenefick and I had to
convince someone on Jan 27th in the Microsoft Virus News Groups that this was the case. It
is nothing new. It has to do with how AVAST (or any AV software) scans a file for the
"fingerprints" of an infector. AVAST found the signature in SYSCLEAN.COM (which is a self
extracting EXE file) and declared it as infected. The problem is it flagged the signature
and not the infection.

the problem is that signatures are supposed to be encrypted to avoid
this very problem...
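
The false positive discussed in this thread, reproduced as an added example (not code from any poster or vendor): one scanner does a plain byte match, and a second tool ships its pattern database inside its own file, either in the clear or obfuscated. The marker bytes, the XOR key and all names (`scanner_a`, `Cleaner`, `demo`) are constructed for illustration, and a single-byte XOR stands in for whatever encryption a real product uses.

```python
# Constructed stand-ins: not real malware bytes and not any vendor's signature.
MARKER = b"CONSTRUCTED-SCRIPT-INFECTOR-MARKER"
XOR_KEY = 0x5A  # assumed key; XOR is only a stand-in for real encryption


def xor(data: bytes, key: int = XOR_KEY) -> bytes:
    """Obfuscate or de-obfuscate a byte string with a one-byte key."""
    return bytes(b ^ key for b in data)


def scanner_a(blob: bytes) -> bool:
    """Scanner A: flags any file containing the marker, with no further checks."""
    return MARKER in blob


class Cleaner:
    """A second scanner whose own file embeds its pattern database."""

    def __init__(self, encrypt_db: bool):
        self.encrypt_db = encrypt_db
        stored = xor(MARKER) if encrypt_db else MARKER
        # Bytes as they sit on disk: extractor stub followed by the database.
        self.file_image = b"MZ<self-extractor stub>" + b"DB:" + stored

    def pattern(self) -> bytes:
        """Recover the usable pattern from the on-disk database."""
        stored = self.file_image.split(b"DB:", 1)[1]
        return xor(stored) if self.encrypt_db else stored

    def scan(self, blob: bytes) -> bool:
        return self.pattern() in blob


def demo() -> dict:
    infected = b"<script>" + MARKER + b"</script>"  # constructed sample
    clean_doc = b"<html>hello</html>"               # constructed sample
    results = {}
    for label, cleaner in (("plain_db", Cleaner(False)),
                           ("encrypted_db", Cleaner(True))):
        results[label] = {
            "scanner_a_flags_cleaner_file": scanner_a(cleaner.file_image),
            "cleaner_detects_infected": cleaner.scan(infected),
            "cleaner_flags_clean_doc": cleaner.scan(clean_doc),
        }
    return results


if __name__ == "__main__":
    for label, row in demo().items():
        print(label, row)
```

With the database stored in the clear, scanner A flags the cleaner's own file even though nothing in it is infected; with the database obfuscated, that false positive disappears while the cleaner still detects the infected sample.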
 
| David H. Lipman wrote:
| [snip]
| the problem is that signatures are supposed to be encrypted to avoid
| this very problem...
|
| --
| "we are the revenants
| and we will rise up from the dead
| we become the living
| we've come back to reclaim our stolen breath"

Thanx... I never thought about that.
 