Avast WEBforum

Other => Viruses and worms => Topic started by: cazoza on March 15, 2009, 06:18:24 PM

Title: FP in nero 9.2.6.0 trial exe
Post by: cazoza on March 15, 2009, 06:18:24 PM
Anyone with this problem? I have downloaded Nero 9.2.6.0 from http://www.nero.com/esp/downloads-nero9-update.php and when it downloads, Avast catches a: Win32:SdBot-RT [trj]. How could this happen, if it is an official download from the official page? So I think it is a FP. Can anyone confirm this apart from me? Thankz!
Title: Re: FP in nero 9.2.6.0 trial exe
Post by: DavidR on March 15, 2009, 07:18:05 PM
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 for how to report it to avast! and what to do to exclude them until the problem is corrected.
Title: Re: FP in nero 9.2.6.0 trial exe
Post by: cazoza on March 15, 2009, 07:24:02 PM
The problem is that the file is 320 Mb! It could take a while to submit it, and I think it is not possible to submit it. So could you try downloading the Nero trial and see what happens? Thankz. By the way, my avast deleted the exe, because it is programmed to do that when it is impossible to quarantine the infected file. The download was at 20% or 30% when avast stopped it and deleted it.
Title: Re: FP in nero 9.2.6.0 trial exe
Post by: DavidR on March 15, 2009, 07:47:24 PM
OK, is it showing a file within the installation file? If so, what?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

If it does, you could pause the web shield to at least allow you to download it. The standard shield would still alert when the download completes; select no action (leaves it in the downloaded location).

I use 7zip and that can open .exe installers. This would allow for the suspect file to be extracted to the suspect folder mentioned earlier. Then that could be checked and/or submitted.

Or you could still send the report to virus@avast.com, with a link to the download location (and this topic might help) and "possible false positive" in the subject.
Title: Re: FP in nero 9.2.6.0 trial exe
Post by: cazoza on March 17, 2009, 04:51:27 AM
Thankz for your help! I submitted my warning log to Avast, and the FP was fixed in the latest database. Thanks! Take care!
Title: Re: FP in nero 9.2.6.0 trial exe
Post by: DavidR on March 17, 2009, 04:39:34 PM
You're welcome, thanks for the update.