Returnil AVG, false positive?

Hi,
I downloaded and installed Returnil free from Major Geeks and scanned it with NOD32, it was clean. A scan on a different computer with AVG free showed a
trojan named "SHeur.FA". This concerned me so I did the same with a download from a different source and got the same AVG warning. A Google search turned up nothing. I am attempting to upload the file to a link provided by AVG for analysis but the site is rather busy. Both of these anti virus progs are up to date.

I need the use of my notebook but I want to be sure it is clean. Given the information above is it safe to assume this is a false positive? (as if it's ever safe to assume). I seem to recall a similar issue posted here (?) but my search revealed nothing.
90% of my downloads are from MG and I have never had problem.

 

The results from the scan at virusscan.jotti.org by 20 +\- different scans resulted in a negative. AVG was the only positive.

 

MA and CP (co-owners of MGs) check very thoroughly all software to make sure it is clean before they allow it to be downloaded via this site. You can as sure as is possible to be that it will be clean, and AVG is giving you a false positive.

 

Hi Lev
Thanks for the reply. I felt it may be a false positive, as I have never had a problem with a download here. It's reassuring to have someone with more experience say the same.

 

I also encountered SHeur.AFJ on my home computer. It was also found by AVG. But, like you I cannot find any info on the "virus".

AVG found 12 instances on my computer. Infected files were executables residing in the "Documents and Settings" folders. The .exe files were related to a Quicken subdirectory.

I went to my banking sites and changed all my passwords; no indication of any issues....yet.

I'm not convinced that this is a "false-positive" alert. Need more info to be sure.

 

WCU80MT, I'm experiencing the exact same thing as of this morning. Google Trends is reporting "sheur.afj" as #14 in their list of popular searches today, so something's up. AVG says it has removed the virus.

Coincidentally (or maybe not?), yesterday was the first day that AVG hit on something in its daily scan that it had to remove: Exploit.ANI and exploit.MS05-002.

Anybody know what's going on and how to stop it?

 

WCU80MT and Meomy: Please start a new thread for the issues you are experiencing, rather than tagging on to someone else's. It makes it very difficult for the OP to follow advise, especially since the solution may not be the same for each situation.

 

AVG detected 7 instances of SHeur.AFJ on my computer. In Program Files\Quickbooks 2006...

AVG says "Infected, imbedded object"

HELP!

 

This popped up from my AVG scan today too, in my quickbooks file. I went to the Intuit site and there was a message there that they are in discussion with AVG about what this is. It seems to be only AVG that is turning this up, and seems to be mostly intuit programs.