Bad Trojan [HELP]
(45 posts, started )
Quote from JTbo: I have no long-term experience with Avira (other than some old version which was really bad), so I might put it on one box for a test

I have long-term experience with Avast and I'm far from happy with it.

This comparison chart confirms what I read somewhere else and what I experienced first-hand.
Well, if you guys say so.

Then I'll remove Avast and install Antivir.
Please help me!

Can't repair?

Delete? Will it also delete LFS.exe?
False positive or not?

Don't take immediate action. Take note of the full path of the executable. Use the search if necessary. Take note if different versions of the same file are available. Then look at file properties: dimensions, last accessed, last modified. Compare the dimensions to a clean LFS.EXE (I'm at work, I cannot give the right dimensions). If the last modified date is not the last day on which you updated your LFS version, it's suspicious. It may also be a false positive (it happens).

To have a better insight, go to http://virusscan.jotti.org . Wait in line till the server allows you to upload. Upload LFS.EXE and take a look at the results. Post it here if you like, I can have a look at them for you. Please, just the text.

Edit - That file seems to be somewhere in your Documents and Settings folder. This is in no way a correct location for LFS, although you may have installed it there. Take a look at the path of LFS you usually run.

Re-Edit: the dimension of LFS.EXE should be 1,728,512 bytes.
#30 - JTbo
Quote from Takumi_lfs: Please help me!

Can't repair?

Delete? Will it also delete LFS.exe?

Delete it; if LFS does not work later, just reinstall it. Not much else to do, really.
File: LFS.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: e0c2f6ca50eb7e9007071c163f9f0474
Packers detected: -
Bit9 reports: File not found

Scan taken on 28 Aug 2007 13:31:13 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Really looks like a false positive to me. Antivir is over-zealous in this case; it must be the heuristic recognition. Ignore the threat, set Antivir to ignore LFS.EXE or the whole folder, or disable heuristics.
Strange... only LFS.exe was infected with it.

Do you have it too? Try to upload your own LFS.exe file.

And scanning in Safe Mode is enough, right? So I don't have to boot-scan again...
That's a false positive: something in LFS.EXE exhibits code which is similar but not equal to a trojan. This happens with heuristic scans; that's why some antiviruses have better recognition than others.

(but they're prone to false positives)

Update: I installed Antivir on Vista and updated it. I scanned LFS.EXE with both low, mid and high heuristic recognition and no problem whatsoever was signalled with the executable. Mmmm. I then submitted LFS.EXE to Jotti. The files have the same md5 hash, so they should be exactly the same file. The scan results are the same. This is a false positive, although I cannot tell exactly why since Antivir has a different behaviour on your computer and on mine: it may be different updates, different OSes or an interaction with other resident protection tools.
What does quarantine actually do?

It found 1 piece of malware and put it in Quarantine because there weren't any options left.
#36 - JTbo
Quote from Takumi_lfs: What does quarantine actually do?

It found 1 piece of malware and put it in Quarantine because there weren't any options left.

It removes the file from its original location and copies it to a special quarantine location where those nasty pests can't spread; think of it as a deep freeze or garbage can. You can remove files from quarantine and also restore them (depends a bit on the AV program).
Quote from Albieg: That's a false positive: something in LFS.EXE exhibits code which is similar but not equal to a trojan. This happens with heuristic scans; that's why some antiviruses have better recognition than others.

(but they're prone to false positives)

Update: I installed Antivir on Vista and updated it. I scanned LFS.EXE with both low, mid and high heuristic recognition and no problem whatsoever was signalled with the executable. Mmmm. I then submitted LFS.EXE to Jotti. The files have the same md5 hash, so they should be exactly the same file. The scan results are the same. This is a false positive, although I cannot tell exactly why since Antivir has a different behaviour on your computer and on mine: it may be different updates, different OSes or an interaction with other resident protection tools.

Strange. I'm going to remove the current exe file and download LFS again, then replace the exe file...
Quote from Takumi_lfs: Strange. I'm going to remove the current exe file and download LFS again, then replace the exe file...

Nothing should really change: the MD5 hash you see on Jotti is calculated on the whole file, and if the hash is the same there's no reason to believe the files are different. You should have the same results if the MD5 hash is the same.

Having the same hash with different files is possible (although extremely rare), but I think I can safely rule out this possibility in this case.

Edit: I add the results of my online scan for reference.

File: LFS.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: e0c2f6ca50eb7e9007071c163f9f0474

Scan taken on 28 Aug 2007 14:45:22 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
If it were me, I'd reinstall Windows or reformat the hard drives in order to remove it (unless whoever coded it was good and got into the program files...)

This is why I have a dedicated LFS external hard drive.
Quote from theirishnoob: If it were me, I'd reinstall Windows or reformat the hard drives in order to remove it (unless whoever coded it was good and got into the program files...)

This is why I have a dedicated LFS external hard drive.

I already fixed my PC. I really recommend Antivir for those people who got Trojans.
Sort of an afterthought: LFS was deemed a virus by some AVs because of the auto-download function inside it.
I changed the exe file... Antivir doesn't see LFS as a detection anymore...
Really, really strange...
If you managed to keep the old LFS executable (I always keep suspect files that are no longer active until analysis is finished), you could compare the two with fc from a command prompt to see if there's a difference.
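The comparison suggested in the post above, and the hash argument made a few posts earlier (same MD5 on Jotti means the same bytes), as one script. This is an added example, not code from the thread or from LFS: it hashes both copies with MD5 and, as cheap insurance, SHA-256 (MD5 collisions have been demonstrated in practice, so two hashes agreeing is the stronger statement), and when the files differ it lists the differing byte offsets in the format `fc /b` prints. The two byte strings in `demo()` stand in for the kept and the freshly downloaded LFS.exe and are constructed for the example.

```python
"""Compare a kept suspect executable with a fresh copy: hashes first, then an
fc /b-style list of differing offsets. Added example, not from the thread."""
import hashlib


def digests(data: bytes) -> dict:
    """MD5 (what the online scanner reported) plus SHA-256 as a second opinion."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def compare(old: bytes, new: bytes, max_report: int = 16) -> dict:
    """Binary comparison: hash equality, sizes and the first differing offsets."""
    d_old, d_new = digests(old), digests(new)
    report = {
        "same_md5": d_old["md5"] == d_new["md5"],
        "same_sha256": d_old["sha256"] == d_new["sha256"],
        "size_old": len(old), "size_new": len(new),
        "diffs": [], "truncated": False,
    }
    # Identical bytes give identical hashes. Equal MD5 with unequal SHA-256
    # would be an MD5 collision, which deserves its own flag.
    report["md5_collision"] = report["same_md5"] and not report["same_sha256"]
    if old == new:
        return report
    for off in range(min(len(old), len(new))):
        if old[off] != new[off]:
            report["diffs"].append((off, old[off], new[off]))
            if len(report["diffs"]) >= max_report:
                report["truncated"] = True
                break
    return report


def fc_lines(report: dict) -> list:
    """Render the report the way `fc /b` does: 'OFFSET: OLD NEW' in hex."""
    lines = [f"{off:08X}: {a:02X} {b:02X}" for off, a, b in report["diffs"]]
    if report["size_old"] != report["size_new"]:
        longer = "old" if report["size_old"] > report["size_new"] else "new"
        lines.append(f"FC: {longer} file is longer than the other")
    return lines


def compare_files(path_old: str, path_new: str) -> dict:
    """Same comparison on two files on disk (the kept exe and the re-downloaded one)."""
    with open(path_old, "rb") as f:
        old = f.read()
    with open(path_new, "rb") as f:
        new = f.read()
    return compare(old, new)


def demo() -> dict:
    """Constructed sample: a fake 'MZ' header plus padding, and a copy with two
    bytes patched and 32 bytes appended, i.e. what a small tamper would look like."""
    clean = b"MZ" + bytes(range(256)) * 4
    tampered = bytearray(clean)
    tampered[0x10] ^= 0xFF
    tampered[0x20] = 0x90
    tampered += b"\xCC" * 32
    return compare(clean, bytes(tampered))


if __name__ == "__main__":
    r = demo()
    print("same MD5:", r["same_md5"], "same SHA-256:", r["same_sha256"])
    print("\n".join(fc_lines(r)))
```

When both hashes match there is nothing to diff, which is the situation the earlier post describes (same MD5 on Jotti from two machines). When they do not, the offset list tells you whether the files differ in a handful of bytes or wholesale, which is more useful than a single "different" verdict.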
already removed...
#45 - Jakg
Quote from theirishnoob :this is why i have a dedicated lfs external hard drive

...yes, congratulations, why don't we all throttle our LFS loading over a USB2 interface?

I did the same thing with an old 7200.7 HDD, but doing it via an external is just pointless.