Win32:Mhtplo-10 - False positive?

Discussion in 'other anti-virus software' started by Steve029, Nov 30, 2007.

Thread Status:
Not open for further replies.
  1. Steve029

    Steve029 Registered Member

    Hello,

    I was hoping someone in here could help me with a problem I've had the last two days.

    I use Avast anti-virus; it has a "web shield" that scans web pages for anything malicious. While browsing the Digital Trends forums, I received an alert that the site I was on contained Win32:Mhtplo-10 [Trj]. It advised me to abort the connection and move the file that was in my temporary internet files folder to Avast's virus chest. I tried to do this, but was prompted that the file was in use and could not be moved. So I chose "no action" and shut the browser down. Afterwards I was able to move the file in question to the virus chest.

    I then decided to look up what Win32:Mhtplo-10 was. So I went on Google and started to search.. and the same alert came up. It said that the Google search page contained Win32:Mhtplo-10 [Trj]. So I repeated the same actions as above.

    Since then I've run full scans with Avast!, AVG Anti-Spyware and Spybot's Search and Destroy and all scans were clean.

    I just find it odd that Avast detected these "threats" on reputable sites like Google and Digital Trends. It makes me want to believe that they must be false positives.

    This is the log that Avast created..

    ------------------------------

    11/29/2007 8:48:08 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://forums.digitaltrends.com/archive/index.php/t-4230.html\unp137460016" file.
    11/29/2007 8:48:33 PM SYSTEM 1412 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
    11/29/2007 8:54:51 PM Owner 2960 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
    11/30/2007 11:54:03 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search?q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file.
    11/30/2007 11:54:13 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9I66EBDU\search[1].htm" file.
    11/30/2007 11:54:40 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "http://www.google.com/search?q=Win32:Mhtplo&hl=en&start=10&sa=N\unp3580908" file.
    11/30/2007 11:54:41 AM SYSTEM 1404 Sign of "Win32:Mhtplo-10 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9I66EBDU\search[2].htm" file.

    ------------------------------

    I extracted the files from the virus chest and uploaded them to Jotti.Org.. only 4 of the detectors found a problem.. but the majority of them said that they were clean.

    My question is IF this truly was a Win32:Mhtplo-10 trojan.. how would I know my computer has been infected? My computer seems to be running fine with no unusual processes running.

    Any replies would be TRULY appreciated!
     
  2. C.S.J

    C.S.J Massive Poster

    Without posting the actual results, try: http://www.virscan.org/

    You should get a better picture if it's a false positive.

    Even if you ain't sure, send the file to your AV company for analysis and they will tell you/fix it :)
     