#1
Hello...
Just received a virus alert named 'Win32/AMalum.ZZOSC'. 'RealOneMessageCenter.exe' was the culprit, according to my CA Anti-Virus 2009. Is this a false-positive alert? The alert just popped up out of nowhere. I couldn't find any information about Win32/AMalum.ZZOSC on CA's website.

Thanks for any help/advice given, in advance.

Last edited by exhaling_c02; 07-08-2009 at 08:21 PM. Reason: title

#2
Quote:
Update: I also just received another new alert -- Win32/AMalum.ZZNWH due to 'rphelperapp.exe'.

Last edited by exhaling_c02; 07-08-2009 at 08:09 PM.

#3
I just got the same message with 19 files detected and 18 of them quarantined but one still infected. Any clues as to how I get rid?
#4
Seems this is happening to a few of us. It can't be a coincidence, so my thoughts are that it's a false/positive. However, when CA was quarantining files, I was getting Windows system messages telling me the files being quarantined are genuine Windows files and my system may become unstable.
Does this mean it's safe to restore them from the quarantine bin (once CA is no longer popping infected messages)?

#5
Check again after the next update as this looks like a false positive.
__________________
IssViews website Free online scans, product Lists, utilities and advice.
IssViews Forum See and give feedback on security software, info to keep up with the latest threats on the net and links to Free Malware removal services.
IssViews Blog Product/security, info/updates, news, plus bits from around the net. and to follow IssViews on Twitter

#6
CA AV has to be DISABLED before restoring the files, otherwise it simply re-quarantines them straight away. This is a disaster, considering the number of PCs we have installed CA on, now starting to come up with this issue. Will the new sig update automatically restore these files in quarantine or does every PC with this issue need to have the files manually restored??

#7
How can one restore the files with CA AV disabled?
Anyone know how? My guess would be that when the next definition comes out, these files will no longer set off alerts, so simply restoring them from quarantine should do the trick. However I could be wrong, but that just seems like common sense to me. Nonetheless, this is a huge pain. I have now lost 2 working hours scanning my system with various products, reading this forum and searching online for answers. Incidentally, the CA definition I have is 6604. My wife has the same definition on her PC and she's had no issues at all (so far).

Last edited by icflordlucan; 07-08-2009 at 08:09 PM.

#8
My infected file is called C:\WINDOWS\Installer\30d2a.msi<common\update.exe>. Should I try to delete this file or wait for CA to do a fix?
My definition also is 6604.

Last edited by NigelD; 07-08-2009 at 08:31 PM. Reason: Additional information

#9
I just got the following message.

7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined

I just got an auto update from CA today & errors appeared. Is this false and if so how do I fix the problem?
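The log format in post #9, parsed into a restore list and a quick burst summary. This is an added example, not part of the thread or of any CA tool; the function names, the 60-second window and the three-name threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Five entries copied from post #9, left run together as they appear there.
SAMPLE_LOG = (
    r"7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined "
    r"7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined "
    r"7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection. "
    r"7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined "
    r"7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined"
)

# Timestamp, path, detection name, optional "Quarantined" marker.
ENTRY = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2})(?: [AP]M)? File infection: "
    r"(.+?) is (\S+) infection\.( Quarantined)?"
)

def parse_log(text):
    """Return one record per 'File infection' entry, even if entries share a line."""
    return [
        {"time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"),  # 24h clock; AM/PM suffix ignored
         "path": path, "detection": name, "quarantined": bool(q)}
        for ts, path, name, q in ENTRY.findall(text)
    ]

def triage(entries, window_seconds=60, min_names=3):
    """Summarise a detection burst; thresholds are illustrative assumptions."""
    times = [e["time"] for e in entries]
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    names = {e["detection"] for e in entries}
    all_windows = bool(entries) and all(
        e["path"].lower().startswith("c:\\windows\\") for e in entries)
    return {
        "restore_list": sorted(e["path"] for e in entries if e["quarantined"]),
        "not_quarantined": sorted(e["path"] for e in entries if not e["quarantined"]),
        "distinct_detections": len(names),
        "span_seconds": span,
        # Heuristic (assumption): several different names on OS files within
        # seconds is worth reviewing as a signature fault before deleting anything.
        "review_as_signature_fault": all_windows and span <= window_seconds and len(names) >= min_names,
    }

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, "=", value)
```

The `restore_list` is the set of paths to put back once corrected definitions are installed; a true `review_as_signature_fault` only prioritises the burst for review and does not by itself confirm a false positive.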
#10
In answer to you all, make sure you disable automatic deletion of quarantined files so that you can restore them when the update comes out and it's confirmed a false positive. I am sure CA will be quick to patch this issue.