Author Topic: A Lot of False Positives Lately  (Read 7783 times)


Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
A Lot of False Positives Lately
« on: January 31, 2010, 02:10:55 PM »
Hey there, I use Avast! 4.8 Home Edition (VPS 100130-1), and I've been noticing quite a few false positives on the forum lately.
I've experienced and reported a few myself.
First, soundman.exe, part of Realtek's audio manager, was detected.
Then, after they fixed that one, another part of the audio manager, alcfdrtm.exe, was being detected.
I really like Avast!, and normally have no problems, but the false positives are getting a little annoying. Any clue what's going on?
« Last Edit: January 31, 2010, 03:58:34 PM by kyuuketsuki_kurai »
Alienware 17, Windows 10, Intel Core i7-4700MQ, 8GB RAM, Avast 19.2, Chrome 72.0 64-bit

Freeway

  • Guest
Re: A Lot of False Positive Lately
« Reply #1 on: January 31, 2010, 02:43:45 PM »
I agree with you. Lately I keep receiving lots of false positives and reporting them. I like using avast but am concerned by this recent trend. Please can you tell us why this is happening?


Thanks

Hermite15

  • Guest
Re: A Lot of False Positive Lately
« Reply #2 on: January 31, 2010, 02:48:56 PM »
It's important to report each false detection; they generally correct this on the next update. But yeah, it's weird that there's been quite a few reports on the forums lately. My system hasn't been affected so far...

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Re: A Lot of False Positive Lately
« Reply #3 on: January 31, 2010, 03:58:21 PM »
I always report them, since they can't fix what they don't know.
It worries me, though, since I'm kinda tech support in the family, and they're more the "OMG virus! Delete it!" types, no matter how hard I try to teach them otherwise.
Plus, so many in such a short time makes me wonder what's going on.

Hermite15

  • Guest
Re: A Lot of False Positives Lately
« Reply #4 on: January 31, 2010, 04:36:21 PM »
Quote
I always report them, since they can't fix what they don't know
wow, good thinking  ;D

Offline kyuuketsuki_kurai

  • Jr. Member
  • **
  • Posts: 88
Re: A Lot of False Positives Lately
« Reply #5 on: January 31, 2010, 04:39:38 PM »
Maybe it comes from working malware removal and customer service before... Seems to be the part everyone forgets. ::)

Freeway

  • Guest
Re: A Lot of False Positives Lately
« Reply #6 on: February 02, 2010, 02:15:05 PM »
Each time I update now I get "suspected" viruses when I scan, always Win32:Malware-Gen. I will continue to report these as I suspect they are false positives. It's a shame really if this is the case as avast is one of the few that runs on my OS - Win ME. Until recently it was reliable. Is anyone else having this problem?

RONIN2010

  • Guest
Re: A Lot of False Positives Lately
« Reply #7 on: February 02, 2010, 03:14:07 PM »
You need to open a ticket with avast support. It may take a while before you get a response due to the high volume of issues and complaints, but I would suggest doing so anyway. If you browse the community forum here as well as the support forum for avast, you will see quite a few complaints and issues regarding the Win32:Malware-Gen virus alerts and false positives that have been occurring with the last few updates.

rubybear

  • Guest
Re: A Lot of False Positives Lately
« Reply #8 on: February 06, 2010, 04:17:45 AM »
Since reading on this forum that the Inchtour.exe file was actually a false positive detected by Avast, I decided to do an Avast scan of all 29 of the supposedly infected files in my Virus Chest.  Out of the 29, only 4 were actual viruses!  This makes me wonder if I can rely on how Avast detects viruses.  Since many of these files have been in my virus chest for months or years, I wonder if some of my programs aren’t running as efficiently as they should, since some components are trapped in the virus chest.

Also, somewhat related, I wish Avast would inform us in the properties notes whether a file in the chest has been restored or not.  Once I restore a file, it is still listed in the chest, and I have no way of knowing whether I already restored it or not.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: A Lot of False Positives Lately
« Reply #9 on: February 06, 2010, 06:32:25 AM »
I have soundman.exe too but it appears like I do not have the said false positive detection. Could it be possible that it was a rogue/infected soundman.exe or it was a coincidence that avast! did not detect it on my PC?
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Starkla1990

  • Guest
Re: A Lot of False Positives Lately
« Reply #10 on: February 06, 2010, 03:04:02 PM »
I've got four detected files called main.ndb in avast virus chest. Should I leave them there, or can I delete them from my virus chest and my computer? I've read that they are false positive files, but I'm not sure. What happens if I delete them?

rubybear

  • Guest
Re: A Lot of False Positives Lately
« Reply #11 on: February 07, 2010, 01:44:33 AM »
My solution to determine if the files in my virus chest are really viruses or not is this:

Within the virus chest, I right click on the file, and click on Scan.  If it's really a virus, you will get the alarm.  Just close the information box that shows up after the scan and leave the file alone.  If it really isn't a virus, once you close the information box, the description of the file will change in the "Virus" column, to "--no virus--".

Rather than delete the file, I have chosen to restore those non-virus files back to their original programs (right click and choose 'restore').  If you delete them, I wonder if the program they belong in will not work properly.  I know there were a whole bunch of false positive files like this from the Spybot program, and you wouldn't want to delete those.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Re: A Lot of False Positives Lately
« Reply #12 on: February 07, 2010, 02:12:12 AM »
Hi malware fighters,

Well it can be instructive to again reproduce what one should do in case of an apparent FP.
At first never assume until you have found what it is. Never delete, whenever there is a possibility to put it into the chest, you can put it back if a FP appears to have been falsely flagged, especially in cases where the file is essential for a program or the system to run correctly.
Upload the file to a multi-scanner online like virustotal.com to check if only avast flags it and GData (they have similar signatures). If there are only two flags very likely it is either a new one or zero day or a real False Positive find. In doubt come to the virus and worms and ask and of course update to avast for evaluation and eventual correction.
False Positives are in the bargain where such a multitude of malcode characteristics are found, packers that are used in malware can ring a bell for a trusted software or obfuscation tools used in malware. Especially where genetic characteristics are scanned for we are apt to find a larger percentage of False Positives. Remember the coders of avast are always ready to act on FPs to establish their nature and correct them if needed. They also depend on us forum members to help them to make avast the best and most reliable scanner of the globe. Let us work towards the common goal of making avast av even better,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
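
The multi-scanner check described in Reply #12, as an added example that is not part of the original thread: engines that share signatures (avast and GData, per the post) are counted as one independent opinion before deciding how to treat a file in the chest. The scan results are constructed sample data, the engine names `EngineC` and `EngineD` are placeholders, and the thresholds are assumptions rather than vendor guidance.

```python
# Engines that share signatures are mapped to one group so that two flags
# from the same signature set are not mistaken for independent confirmation.
# The avast/GData pairing is the one named in the thread.
SHARED_SIGNATURES = {"avast": "avast-family", "gdata": "avast-family"}


def independent_hits(results):
    """Group flagging engines by signature family.

    results maps engine name -> detection label, or None when the engine
    reports the file as clean.
    """
    groups = {}
    for engine, label in results.items():
        if label is None:
            continue
        key = SHARED_SIGNATURES.get(engine.lower(), engine.lower())
        groups.setdefault(key, []).append(engine)
    return groups


def triage(results):
    """Return a verdict and a non-destructive action for a quarantined file."""
    groups = independent_hits(results)
    flagged = sorted(e for engines in groups.values() for e in engines)
    if not groups:
        verdict, action = "no-detections", "rescan in chest, then restore"
    elif len(groups) == 1:
        # Only one independent signature set flags it: false positive or a
        # brand-new sample. Keep it in the chest and report it to the vendor.
        verdict, action = "possible-fp-or-new-sample", "keep in chest and report"
    else:
        verdict, action = "likely-malicious", "keep in chest"
    return {"verdict": verdict, "action": action,
            "independent": len(groups), "flagged": flagged}


# Constructed sample results (not real scan output).
ONLY_SHARED = {"Avast": "Win32:Malware-Gen", "GData": "Win32:Malware-Gen",
               "EngineC": None, "EngineD": None}
BROAD = {"Avast": "Win32:Malware-Gen", "GData": None,
         "EngineC": "Trojan.Generic", "EngineD": "Trojan.Generic"}
CLEAN = {"Avast": None, "GData": None, "EngineC": None}

if __name__ == "__main__":
    for name, sample in (("only-shared", ONLY_SHARED), ("broad", BROAD), ("clean", CLEAN)):
        print(name, triage(sample))
```

None of the actions deletes the file, matching the advice in the post to keep suspect files in the chest until their nature is established.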