Author Topic: Wrong Malware Notice  (Read 8865 times)

0 Members and 1 Guest are viewing this topic.

CWBillow

  • Guest
Wrong Malware Notice
« on: June 25, 2006, 08:22:33 AM »
When I install "Revelation" ( www.snadboy.com/ ), Avast is giving me a malware alert.  It's a  key-logging program for uncovering passwords hidden by asterisks.

I've used this program, this version, for a couple years, and now it's getting blocked.

How do I tell Avast to allow this program to run?

Regards,
Chuck Billow

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Wrong Malware Notice
« Reply #1 on: June 25, 2006, 08:48:55 AM »
I used to use an old version of this program, so the way it works now may be different. The way it worked, was you ran the program, then ran the cursor over the *'s to reveal the letters. If the program is still the same, could you not just pause the scanner while you used the program?

Hope this helps.

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #2 on: June 25, 2006, 09:30:19 AM »
Yes, I could just turn off Avast for the specific time(s) I need to... but:

Isn't there a "permanent 'This is Safe' notice"?

Barring (or on top of ) that, why all of a sudden, and will it then also show up during normal scans?

Due to all the above, and since you seemingly don't use it anymore, is there another program that's "safe"?

Regards,
Chuck Billow

>>
I used to use an old version of this program, so the way it works now may be different. The way it worked, was you ran the program, then ran the cursor over the *'s to reveal the letters. If the program is still the same, could you not just pause the scanner while you used the program?
<<

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Wrong Malware Notice
« Reply #3 on: June 25, 2006, 09:44:29 AM »
I have no more kids using my computor, that for reasons known only to them, that had to put passwords anywhere there was the option to.

Did you try, standard shield, customize, advanced? I'm not sure if it will accept complete file paths, but might be worth a try. I wouldn't even know where to look for a "safe" similar program. Sorry.

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #4 on: June 25, 2006, 10:09:32 AM »
OM:

Avast DID take the path to the folder... thanks.

We'll know soon enough if that works.

BTW, you've stolen my name... my grandkids (and daughter / son-in-law) ALL call me "Old Man"... must be contagious!

Thanks,
Chuck

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Wrong Malware Notice
« Reply #5 on: June 25, 2006, 01:51:26 PM »
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives and send a sample to avast so that it might be analysed and the VPS updates if required, helping other avast users.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #6 on: June 25, 2006, 07:02:54 PM »
David:

I got the report back, and it was mixed.

Below are th findings.

What now should I believe or do?

Regards,
Chuck Billow

*******************
Results of a file scan
This is a report processed by VirusTotal on 06/25/2006 at 18:49:06 (CET) after scanning the file "Revelation.exe" file.
Antivirus Version Update Result
AntiVir 6.35.0.16 06.25.2006 no virus found
Authentium 4.93.8 06.23.2006 no virus found
Avast 4.7.844.0 06.23.2006 Win32:Snadboy
AVG 386 06.25.2006 no virus found
BitDefender 7.2 06.25.2006 no virus found
CAT-QuickHeal 8.00 06.24.2006 no virus found
ClamAV devel-20060426 06.23.2006 no virus found
DrWeb 4.33 06.25.2006 no virus found
eTrust-InoculateIT 23.72.49 06.25.2006 no virus found
eTrust-Vet 12.6.2272 06.23.2006 no virus found
Ewido 3.5 06.25.2006 no virus found
Fortinet 2.77.0.0 06.25.2006 HackerTool/SnadBoy
F-Prot 3.16f 06.23.2006 no virus found
Ikarus 0.2.65.0 06.23.2006 PSWTool.Win32.SnadBoy.2011
Kaspersky 4.0.2.24 06.25.2006 not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee 4792 06.23.2006 potentially unwanted program PWCrack-SnadBoy
Microsoft 1.1481 06.25.2006 no virus found
NOD32v2 1.1622 06.25.2006 no virus found
Norman 5.90.21 06.23.2006 no virus found
Panda 9.0.0.4 06.25.2006 no virus found
Sophos 4.07.0 06.25.2006 no virus found
Symantec 8.0 06.25.2006 no virus found
TheHacker 5.9.8.164 06.23.2006 Trojan/SnadBoy.2011
UNA 1.83 06.23.2006 no virus found
VBA32 3.11.0 06.24.2006 no virus found
VirusBuster 4.3.7:9 06.25.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas.

Spiritsongs

  • Guest
Re: Wrong Malware Notice
« Reply #7 on: June 25, 2006, 07:39:17 PM »
 :)  Hi CW :

      Keylogging programs are NEVER "safe"; you never know
      when an "update" may contain some spyware to further
      invade your privacy ( or worse ) .
      Since the "Report" shows there may be a problem, what
      does a "Full Scan" of your antiSPYWARE program show ?
      And should always mention the name of your Operating
     System, so recommendations can be "targeted" to it .
     A Google "search" revealed the following :

    http://virusinfo.prevx.com/viruscenter.asp?GRP=1642400027 .

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #8 on: June 25, 2006, 07:47:56 PM »
Thanks for the link...

>>
Keylogging programs are NEVER "safe";
<<

Although I understand and agree on the premise, this program is not always running or resident, but rather only "as needed"...

Curious that this program is (at least) 3-5 years old, and this is the first occurrence of warning...

Oh well...

Regards,
Chuck

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Wrong Malware Notice
« Reply #9 on: June 25, 2006, 08:21:50 PM »
There is another thread in the forums which also concerns something similar to this see http://forum.avast.com/index.php?topic=21861.0.

It is down to you if you decide to accept that it is for god rather than malicious use on your own system and that the program doesn't phone home, etc. Then you can add it to the exclusions lists of the Program Settings, exclusions and Standard Shield.

There are other password revealers that aren't also key loggers.
Protected Storage PassView v1.62 http://www.nirsoft.net/utils/pspv.html
http://www.nirsoft.net/password_recovery_tools.html and SC-PassUnleash to reveal your passwords behind the asterisks (***) fields http://www.soft-central.net/passunleash.php
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #10 on: June 25, 2006, 09:00:10 PM »
David:

>>
There are other password revealers that aren't also key loggers.
Protected Storage PassView v1.62 http://www.nirsoft.net/utils/pspv.html
<<

Got this from the site:

Known Problems
False Alert Problems: Some Antivirus programs detect Protected Storage PassView utility as infected with Trojan/Virus.
Recent update: Norton Antivirus detect Protected Storage Passview as an hack tool.

Seems to be an issue...

Regards,
Chuck Billow

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Wrong Malware Notice
« Reply #11 on: June 25, 2006, 09:22:28 PM »
Neither of the ones I mentioned are detected by avast! the major issue is intent and the fact that AVs can't determine intent so may flag just in case (some might say that is a false positive). So if you are aware of what its purpose is and you installed it no problem ad to exclusions if it were to be detected.

I have had one version or other of both tools on my system for years and they have never been flagged.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CWBillow

  • Guest
Re: Wrong Malware Notice
« Reply #12 on: June 27, 2006, 08:44:48 AM »
David:

The desired effect is what the point is here after all... so I downloaded and installed Pass-Unleash, and it seems to work well without any issues....

Thanks for your help.

Regards,
Chuck Billow

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Wrong Malware Notice
« Reply #13 on: June 27, 2006, 02:38:22 PM »
No problem, glad I could help.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security