Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

False Positive from Avira?


  • Please log in to reply
1 reply to this topic

#1 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 AM

Posted 11 December 2009 - 03:18 PM

My computer was scanning with Avira last night and it came up with the following log (I have only included the infections found from the log file)

C:\WINDOWS\system32\drivers\etc\hosts.20090524-115339.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\WINDOWS\system32\drivers\etc\hosts.20090524-115754.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191614.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191940.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191948.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
C:\WINDOWS\system32\drivers\etc\HOSTS.MVP
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus

Beginning disinfection:
C:\WINDOWS\system32\drivers\etc\hosts.20090524-115339.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4b95a80a.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090524-115754.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4a2eb813.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191614.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4a29bfeb.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191940.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4a2fa05b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090930-191948.backup
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4a3aa88b.qua'!
C:\WINDOWS\system32\drivers\etc\HOSTS.MVP
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4b75a7ea.qua'!


C:\WINDOWS\system32\drivers\etc\HOSTS.MVP
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus

That line strikes me as the most odd, as it seems to be the MVPS HOSTS file? My current HOSTS file is clean however, and was just wondering if this was a FP and could be ignored?

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:58 PM

Posted 11 December 2009 - 05:39 PM

The best place to find that info would be in the Avira forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users