Win32:Mhtplo-10 - False positive?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello,

I was hoping someone in here could help me with a problem I've had
that last two days.

I use Avast anti-virus, it has a "web shield" that scans web pages for
anything malicious. While browsing the Digital Trends forums, I
received an alert that the site I was on contained Win32:Mhtplo-10
[Trj]. It advised me to abort the connetion and move the file that was
in my temporary internet files folder to the Avast's virus chest. I
tried to do this, but was prompted that the file was in use and could
not be moved. So I chose "no action" and shut the browser down.
Afterwards I was able to move the file in question to the virus chest.

I then decided to look up what Win32:Mhtplo-10 was. So I went on
Google and started to search.. and the same alert came up. It said
that the Google search page contained Win32:Mhtplo-10 [Trj]. So I
repeated the same actions as above.

Since then I've run full scans with Avast!, AVG Anti-Spyware and
Spybot's Search and Destroy and all scans were clean.

I just find it odd that Avast detected these "threats" on reputable
sites like Google and Digital Trends. It makes me want to believe that
they must be false positives.

This is the log that Avast created..

------------------------------

11/29/2007 8:48:08 PM    SYSTEM    1412    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "http://forums.digitaltrends.com/archive/index.php /
t-4230.html\unp137460016" file.
11/29/2007 8:48:33 PM    SYSTEM    1412    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "C:\Documents and Settings\Owner\Local Settings
\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
11/29/2007 8:54:51 PM    Owner    2960    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "C:\Documents and Settings\Owner\Local Settings
\Temporary Internet Files\Content.IE5\I4GUG4E9\t-4230[1].htm" file.
11/30/2007 11:54:03 AM    SYSTEM    1404    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "http://www.google.com/search?
q=Win32:Mhtplo&hl=en&start=10&sa=N\unp266340129" file.
11/30/2007 11:54:13 AM    SYSTEM    1404    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "C:\Documents and Settings\Owner\Local Settings
\Temporary Internet Files\Content.IE5I66EBDU\search[1].htm" file.
11/30/2007 11:54:40 AM    SYSTEM    1404    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "http://www.google.com/search?
q=Win32:Mhtplo&hl=en&start=10&sa=N\unp3580908" file.
11/30/2007 11:54:41 AM    SYSTEM    1404    Sign of "Win32:Mhtplo-10 [Trj]" has
been found in "C:\Documents and Settings\Owner\Local Settings
\Temporary Internet Files\Content.IE5I66EBDU\search[2].htm" file.

------------------------------

I extracted the files from the virus chest and uploaded them to
Jotti.Org.. only 4 of the detectors found a problem.. but the majority
of them said that they were clean.

My question is IF this truly was a Win32:Mhtplo-10 trojan.. how would
I know my computer has been infected? My computer seems to be running
fine with no unusual processes running.

Any replies would be TRULY appreciated!

Re: Win32:Mhtplo-10 - False positive?

thx1138xxix@yahoo.com after much thought,came up with this jewel in
:

Quoted text here. Click to load it

Google search results have had some issues(along with others)
See
http://blogs.zdnet.com/security/?p=688&tag=nl.e550
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Site Timeline