jeffjewitt
Joined: 27 Apr 2009 | Posts: 0 | Location: Claveland, OH
Posted: Mon Apr 27, 2009 5:52 pm

My last scan since updating to .95 had 5 files quarantined. They all said they contained Virut.Gen.D-163.
I was able to run 3 files past virusscan.jotti and they came back clean, but 2 were too large for Jotti and VirusTotal to scan.
Should I assume they are also false positives or is there a way to get these 2 verified?
Jeff

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Apr 27, 2009 8:23 pm

Those Virut.Gen.D-163 detections of Microsoft Office products are false positives. I have a couple myself. They know about them and are in the process of fixing them. Until they do, I suggest you turn off quarantine and verify all detections with VirusTotal/Jotti before quarantining.
My two files are:
EXCEL.EXE MD5 hash:0187bdafbafaf967bb91b4f2d8e33bc8 byte size is 17891112
excelcnv.exe MD5 hash:6f2d4fd1966f65e4853910884b8904cb byte size is 14674216
There appear to be several versions of these files. The false positive has been fixed on a couple of them. If your false positives are not the same as my two files, please get back to us here.
Regards,

jeffjewitt
Joined: 27 Apr 2009 | Posts: 0 | Location: Claveland, OH
Posted: Fri May 01, 2009 5:11 pm

These are mine, all with the same virus:
C:\Program Files\MSECache\O2007Cnv\1033\O12Conv.cab: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\Installer\3901b11: W32.Virut.Gen.D-163 FOUND
I was able to check 2, which came back as false positives, but the other 2 are too big to send.
JJ
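
Added example, not part of the original thread and not ClamAV's own code: for files too large to upload, this Python sketch parses the `path: signature FOUND` report lines shown above, hashes each flagged file locally in chunks, and compares MD5 and byte size against the two files GuitarBob listed. The function names are assumptions made for illustration.

```python
import hashlib
import os
import re

# Known false positives from GuitarBob's post: MD5 -> (file name, size in bytes).
KNOWN_FALSE_POSITIVES = {
    "0187bdafbafaf967bb91b4f2d8e33bc8": ("EXCEL.EXE", 17891112),
    "6f2d4fd1966f65e4853910884b8904cb": ("excelcnv.exe", 14674216),
}

# Report lines in the thread have the form "<path>: <signature> FOUND".
FOUND_LINE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_found(report, signature_suffix="Virut.Gen.D-163"):
    """Return the paths the report flags with the given signature."""
    hits = []
    for line in report.splitlines():
        m = FOUND_LINE.match(line.strip())
        if m and m.group("sig").endswith(signature_suffix):
            hits.append(m.group("path"))
    return hits

def md5_and_size(path, chunk=1 << 20):
    """Hash in 1 MiB chunks so large files never have to fit in memory."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size

def classify(path):
    """'known-fp' only when both MD5 and size match a listed file."""
    md5, size = md5_and_size(path)
    entry = KNOWN_FALSE_POSITIVES.get(md5)
    if entry and entry[1] == size:
        return "known-fp", md5, size
    return "unverified", md5, size

def triage(report):
    """Classify every flagged path; paths not on this machine are 'missing'."""
    return {p: classify(p) if os.path.isfile(p) else ("missing", None, None)
            for p in parse_found(report)}

if __name__ == "__main__":
    # One report line copied from the thread; it is 'missing' on other machines.
    sample = r"C:\WINDOWS\Installer\3901b11: W32.Virut.Gen.D-163 FOUND"
    for path, result in triage(sample).items():
        print(path, *result)
```

A `known-fp` result only means the file is byte-identical to one reported in this thread as a false positive. An `unverified` file is neither confirmed clean nor confirmed infected and still needs a second opinion.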

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Fri May 01, 2009 5:25 pm

Perhaps Alch can suggest something.
Regards,