Author Topic: FP in nero 9.2.6.0 trial exe  (Read 3338 times)

Offline cazoza

  • Full Member
  • ***
  • Posts: 140
  • Gender: Male
  • a pretty malwarefighter! dont u think?
    • Personal Message (Offline)
FP in nero 9.2.6.0 trial exe
« on: March 15, 2009, 04:18:24 PM »
Anyone with this problem? I have downloaded nero 9.2.6.0 from http://www.nero.com/esp/downloads-nero9-update.php and when it downloads Avast catch a: Win32:SdBot-RT [trj]. How could this happen? if it is an official download from the official page. So i think is a FP. Can anyone confirm this apart from me? Thankz!
Our actions define who we are

MoBo ASUS P5QC
ATI HD3650 1 Gb RAM PCI-E 2.0
Win 7 Ultimate x64
Quad Core q6600 2.4 GHz
8 Gb RAM DDR2 800 MHz
500 Gb HDD SATA2 32 Mb Buffer 7200 RPM

Avast 5.0.462 Free
Outpost Firewall Pro 2009 v6.7.3

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: FP in nero 9.2.6.0 trial exe
« Reply #1 on: March 15, 2009, 05:18:05 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline cazoza

  • Full Member
  • ***
  • Posts: 140
  • Gender: Male
  • a pretty malwarefighter! dont u think?
    • Personal Message (Offline)
Re: FP in nero 9.2.6.0 trial exe
« Reply #2 on: March 15, 2009, 05:24:02 PM »
the problem is that the file is 320 Mb! and it could take a while to submit it and i think it is not possible to submit it. so could you try to downloading the nero trial, and see what happens. Thankz. By the way, my avast deleted the exe, because it is programmed to do that when it is impossible to quarantine the infected file. The download was at 20% or 30% when avast stop it and deleted it.
Our actions define who we are

MoBo ASUS P5QC
ATI HD3650 1 Gb RAM PCI-E 2.0
Win 7 Ultimate x64
Quad Core q6600 2.4 GHz
8 Gb RAM DDR2 800 MHz
500 Gb HDD SATA2 32 Mb Buffer 7200 RPM

Avast 5.0.462 Free
Outpost Firewall Pro 2009 v6.7.3

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: FP in nero 9.2.6.0 trial exe
« Reply #3 on: March 15, 2009, 05:47:24 PM »
OK, is it showing a file within the installation file, if so what ?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

If it does you could pause the web shield to at least allow you to download it, the standard shield would still alert when the download completes, select no action (leaves it in the downloaded location.

I use 7zip and that can open .exe installers this would allow for the suspect file to be extracted, to the suspect folder mentioned earlier. Then that could be checked and or submitted.

Or you could still send the report to virus@avast.com, with a link to the download location and this topic might help and possible false positive in the subject.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline cazoza

  • Full Member
  • ***
  • Posts: 140
  • Gender: Male
  • a pretty malwarefighter! dont u think?
    • Personal Message (Offline)
Re: FP in nero 9.2.6.0 trial exe
« Reply #4 on: March 17, 2009, 02:51:27 AM »
Thankz for your help! I submitted my warning log to Avast, and the FP was fixed in the latest database. Thanks! Take care!
Our actions define who we are

MoBo ASUS P5QC
ATI HD3650 1 Gb RAM PCI-E 2.0
Win 7 Ultimate x64
Quad Core q6600 2.4 GHz
8 Gb RAM DDR2 800 MHz
500 Gb HDD SATA2 32 Mb Buffer 7200 RPM

Avast 5.0.462 Free
Outpost Firewall Pro 2009 v6.7.3

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: FP in nero 9.2.6.0 trial exe
« Reply #5 on: March 17, 2009, 02:39:34 PM »
You're welcome, thanks for the update.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now