Author Topic: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]  (Read 9392 times)


Assimilator1

  • Guest
False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« on: April 10, 2009, 11:22:13 AM »
muon1 is the Distributed Computing project primarily known as DPAD, Distributed Particle Accelerator Design, for more info see here http://www.stephenbrooks.org/muon1/

I've only just noticed the 'report false positive' link in the popup so I'll send that now, hopefully this can be sorted out :).

Oh btw muon1bench is an addon program to DPAD to check points output.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #1 on: April 10, 2009, 01:54:31 PM »
Hi Assimilator1,

You should make sure that the link cannot be clicked by the curious of nature by entering hxxp: etc.
Jukatys Detektor had nothing there:

No zeroiframes detected!
Check took 5.72 seconds

(Level: 0) Url checked:
hxxp://www.stephenbrooks.org/muon1/
Zeroiframes detected on this site: 0
No ad codes identified

Exploit Prevention Labs: Link Checker also gives the all green.

The only issue to be contemplated is this link:
Code:
<link rel='icon' href='/muon1/hidden/favicon.ico' type='image/x-icon' />
Could be a FP,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #2 on: April 10, 2009, 03:35:14 PM »
What exactly are you getting the alert on? Change the http in the URL to hXXp so the suspect link isn't active.

I have just visited the above line and no alerts.

Edit:
So if this alert is on the file you download to your system (I haven't downloaded anything on dial-up), then confirm or deny the detection and report to avast as below.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
« Last Edit: April 10, 2009, 03:38:38 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #3 on: April 10, 2009, 04:06:30 PM »
I have just visited the above line and no alerts.
Me too.

Does anybody know any Firefox extension that allows you to see (get) the HTML source of a site without having to actually go there with the browser (and get avast alerts)?
The best things in life are free.

Yuno

  • Guest
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #4 on: April 10, 2009, 04:08:35 PM »
I have just visited the above line and no alerts.
Me too.

Does anybody know any Firefox extension that allows you to see (get) the HTML source of a site without having to actually go there with the browser (and get avast alerts)?
Use the W3 Markup Validator and toggle Show Source. It's what I've been doing instead of installing a firefox extension.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #5 on: April 10, 2009, 04:26:25 PM »
Use the W3 Markup Validator and toggle Show Source. It's what I've been doing instead of installing a firefox extension.
Useless for obfuscated javascript... sorry.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #6 on: April 10, 2009, 04:29:50 PM »
Unless, this is what we're looking for...
Testing hxxp://tejary.net/
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #7 on: April 10, 2009, 05:26:14 PM »
I have just visited the above line and no alerts.
Me too.

Does anybody know any Firefox extension that allows you to see (get) the HTML source of a site without having to actually go there with the browser (and get avast alerts)?

You shouldn't need any validator add-on as View Page Source is a context menu option in firefox and IE, etc. It still means you have to visit the site anyway to be able to either view or validate the page source.

If you have the URL you could use a download manager to grab it, but avast may alert when downloaded, but you can always select no action.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #8 on: April 10, 2009, 05:34:52 PM »
View Page Source is a context menu option in firefox and IE, etc. It still means you have to visit the site anyway to be able to either view or validate the page source.
Well, I know that... what I want is to have a way to check without WebShield blocking the connection to that site... maybe impossible on my computer as I use WebShield scanning *all* http connections... never mind. I give up...
The best things in life are free.
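
Added example, not part of any post in this thread: a static check of a page's markup in the spirit of the checker output quoted earlier (zero-size iframes, script sources, link tags), parsed with Python's standard library so nothing is rendered or executed. The names `refang`, `fetch_source`, `SourceAudit` and `audit` and the sample HTML are constructed for illustration; only the favicon line comes from the thread.

```python
from html.parser import HTMLParser
import re
import urllib.request

def refang(url):
    # Turn a defanged hxxp:// or hXXp:// link back into a fetchable URL.
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def fetch_source(url, limit=1_000_000):
    # Plain HTTP GET of the raw bytes; no scripts run, no sub-resources load.
    with urllib.request.urlopen(refang(url), timeout=10) as resp:
        return resp.read(limit).decode("utf-8", errors="replace")

class SourceAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.zero_iframes, self.scripts, self.links = [], [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and self._hidden(a):
            self.zero_iframes.append(a.get("src", ""))
        elif tag == "script" and "src" in a:
            self.scripts.append(a["src"])
        elif tag == "link":
            self.links.append((a.get("rel", ""), a.get("href", "")))

    @staticmethod
    def _hidden(a):
        # Zero/one pixel dimensions or CSS hiding mark an iframe as suspicious.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        return tiny or "display:none" in style or "visibility:hidden" in style

def audit(html):
    p = SourceAudit()
    p.feed(html)
    return p

# Constructed sample: the favicon line from the thread plus made-up iframes.
SAMPLE = """<html><head>
<link rel='icon' href='/muon1/hidden/favicon.ico' type='image/x-icon' />
<script src="/js/menu.js"></script></head><body>
<iframe src="http://ads.example.invalid/x" width="0" height="0"></iframe>
<iframe src="/docs/help.html" width="600" height="400"></iframe>
</body></html>"""

if __name__ == "__main__":
    r = audit(SAMPLE)
    print(r.zero_iframes, r.scripts, r.links)
```

This only sees the markup as served, so content produced by obfuscated scripts is not resolved, and `fetch_source` still opens an HTTP connection that a web-scanning proxy will inspect.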

Assimilator1

  • Guest
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #9 on: April 17, 2009, 01:07:01 AM »
Hi Assimilator1,

You should make sure that the link cannot be clicked by the curious of nature by entering hxxp: etc.
Jukatys Detektor had nothing there:

No zeroiframes detected!
Check took 5.72 seconds

(Level: 0) Url checked:
hxxp://www.stephenbrooks.org/muon1/
Zeroiframes detected on this site: 0
No ad codes identified

Exploit Prevention Labs: Link Checker also gives the all green.

The only issue to be contemplated is this link:
Code:
<link rel='icon' href='/muon1/hidden/favicon.ico' type='image/x-icon' />
Could be a FP,

polonus

Why should I blank out the link?? it's a perfectly safe program, as I said it's a false positive :P :)
The file in question is under the utilities section.

DavidR
As I mentioned later on in my 1st post I have indeed reported this as a FP within Avast. Thanks for the link, I'll check that out :).
I just thought seeing as I'd gone to the trouble of writing already I'd post it ;)
Btw I haven't quarantined it as I know it's safe.

[edit] Tried both options from your link & neither worked :(.
« Last Edit: January 09, 2010, 12:20:04 PM by Assimilator1 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #10 on: April 17, 2009, 01:11:21 AM »
Hope they define if it is a false positive (and correct it) or say the detection is correct...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #11 on: April 17, 2009, 01:30:16 AM »
<snip>
DavidR
As I mentioned later on in my 1st post I have indeed reported this as a FP within Avast. Thanks for the link, I'll check that :).
I just thought seeing as I'd gone to the trouble of writing already I'd post it ;)
Btw I haven't quarantined it as I know it's safe.

[edit] Tried both options from your link & neither worked :(.

They are normally quite quick to correct an FP once identified, which is why it is advantageous to have a copy in the chest to scan from within the chest. Have you tried scanning them again or has avast alerted on them or presumably you wouldn't be able to use it ?

If it is still detected and the two options didn't work then you aren't entering the correct path in the fields, what path and file name did you enter ?

e.g. c:\program files\monu1\muon1bench.exe or whatever the full path and file name of the alert are.
You could use a wildcard to shorten that c:\*\muon1bench.exe as the * wildcard would exclude the muon1bench.exe in any folder/sub-folder in the C:\ drive.

Assimilator1

  • Guest
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #12 on: April 25, 2009, 11:33:52 AM »
I don't understand why you say it needs to have a copy in the chest? Anyway, unfortunately I no longer have that PC, it's gone back to the owner. I didn't specifically scan the file but avast hasn't flagged it recently, although I hadn't run it recently either. I had meant to run it on Thursday (the last day I had it) to see if it'd been fixed but I forgot  :-[
Earlier the only way I could use it was to turn off avast.
I did enter the correct path as I did each option at least twice to be sure, maybe avast needed restarting?? Unfortunately I can't check it anymore.

Tech
To confirm for yourself (& others) that it is a safe file go to the DPAD forum 'general' section & checkout the benchmarking thread, it goes back years & the file has been used by dozens of people :).

It would be nice to hear from the avast people if it has been fixed :) (or don't they post here?)
Especially as I'd left the file on the customer's rig!  :-[, doh! I had meant to delete it to avoid any confusion, best I warn him Avast is giving FPs on it......

Can't someone with Avast d/l it for me to find out? (I don't have Avast on my rigs atm).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #13 on: April 25, 2009, 01:50:37 PM »
Can't someone with Avast d/l it for me to find out? (I don't have Avast on my rigs atm).
They usually correct false positives very soon. Hope this will not be an exception.
The best things in life are free.

Assimilator1

  • Guest
Re: False Positive - muon1bench.exe seen as Win32:Qukart-Z[Trj]
« Reply #14 on: April 25, 2009, 02:02:34 PM »
Seems to be fixed, I got a friend to d/l & run muon1bench & no warning pop ups happened :).

Thanks folks  8)

[edit] Or maybe not? http://www.virustotal.com/analisis/bc538d6f73cfa491daba599c29bcb8c4 , shows that it's still being flagged  ???
I don't know how that site works, maybe it's out of date?
« Last Edit: April 25, 2009, 02:13:36 PM by Assimilator1 »