Avast WEBforum
Other => Viruses and worms => Topic started by: anglophile1 on December 06, 2013, 04:44:46 PM
-
Hello,
I was wondering if this file is actually harmful? It seems to be linked to google updater and I keep getting a popup saying this has been blocked: Win32:Fareit-LM [Trj]
Every few minutes. I did a search on it, and people are talking about it here too: http://forums.moneysavingexpert.com/showthread.php?p=63995744
Is it dangerous or are they right, is it a false positive? My information is the same as theirs.
-
Could you attach a screenshot of the Avast alert please
-
I am getting the same thing on my computer. Won't stop popping up. It pops up every minute or so sometimes more. Attached is a screen shot of the alert (at least I think I attached it).
-
I'm receiving the very same alert - two in a row every couple of minutes. A full AVAST scan does not find anything, nor does a competitor's product.
-
Mine seems to have finally stopped alerting me. Maybe it is a false positive?
-
Me too.
Please fix this false positive!
-
I'm also receiving these alerts - every few minutes. Just started today. I can't attach a screenshot, but here is what the Avast popup says:
avast! Web Shield has blocked a harmful webpage or file.
Object: http://.../GoogleUpdateSetup.exe
Infection: Win32:Fareit-LM (Trj)
Process: C:\\Windows\system32\svchost.exe
-
Found this link from another forum post. It looks like Avast is aware of it: https://twitter.com/avast_antivirus/status/408997111896608768
-
I am having this same issue, it is going off every few minutes. There is a pop up that a threat has been detected Win32:Fareit-LM [Trj]
Help! How do I stop this?!
-
Could you update Avast and see if the FP has been fixed
-
I started getting this popup repeatedly today
-
I started getting this popup repeatedly today
You can send virus@avast.com , please.
put "False positive" to email subject
use http://www.avast.com/contact-form.php
add here the url to the exclusion list
(http://i.imgur.com/GszlGbX.png)
-
How do you find the full URL to exclude?
The popup only shows "http://.../GoogleUpdateSetup.exe", and the "More details..." button still only shows as much as "http://r5---sn-aigeznl6.c.pack.google.com/edgedl/upd..."!
-
Open the avast >Statistics> place the mouse pointer on the url in last scanned items
or elseth the logs C:\ProgramData\AVAST Software\Avast\report\WebShield.txt
-
Thanks. Logs are in <C:\ProgramData\Alwil Software\Avast5\report\> for me - maybe it depends on whether Avast! was installed fresh or upgraded from a previous version.
-
Thanks. Logs are in <C:\ProgramData\Alwil Software\Avast5\report\> for me - maybe it depends on whether Avast! was installed fresh or upgraded from a previous version.
welcome
You are using an old version 5.0.677 because the folder name is no longer "alwil software" and yes avast software.
-
This is very irritating. The URL we are asked to add to the exclusion list is so long with no way to copy it. And I can't find the folder either. Please fix this issue as soon as possible. I had to disable my protection to maintain my sanity. And now I really don't feel safe surfing.
Thank you
-
Here is a screenshot:
(http://www.imgdumper.nl/uploads7/52a248328c808/52a248327f11d-Naamloos.png)
Location C:\ProgramData\AVAST Software\Avast\report
*
* Schild gestopt: donderdag 5 december 2013 22:27:58
* Run-time was 6 uur, 45 minu(u)t(en), 45 seconde(n)
*
*
* avast! Real-time Schild Scan Rapport
* dit bestand is automatisch gegenereerd
*
* Begon op: vrijdag 6 december 2013 17:12:59
*
6-12-2013 22:19:20 http://r16---sn-5hn7sn7r.c.pack.google.com/edgedl/update2/1.3.22.3/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1386379165&ip= <MY GLOBAL IP-ADDRESS> &ipbits=0&ir=1&ms=nvh&mt=1386364692&mv=m&sparams=expire,ip,ipbits&signature=4DBD91D86C082F3C2E5AA2E74C64480FCA3FA360 [L] Win32:Fareit-LM [Trj] (0)
6-12-2013 22:19:43 http://r16---sn-5hn7sn7r.c.pack.google.com/edgedl/update2/1.3.22.3/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1386379166&ip= <MY GLOBAL IP-ADDRESS> &ipbits=0&ir=1&ms=nvh&mt=1386364692&mv=m&sparams=expire,ip,ipbits&signature=371CAD64034469C65780F62E49715634C6408783 [L] Win32:Fareit-LM [Trj] (0)
-
I'd love to see this stop.. I administrate a network of 120 systems using the
Small Office Administration system, and I get an email for every "hit" from Avast.
I've gotten over 1400 emails so far today... the URL is basically the same as above:
"http://r2---sn-a8au-p5qz.c.pack.google.com/edgedl/update2/1.3.22.3/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1386381473&ip=[redacted]&ipbits=0&ir=1&ms=nvh&mt=1386367020&mv=u&sparams=expire,ip,ipbits&signature=44F4EB244A408B5AC2A4D287B8CFD8C53A2B5710"
Tried an update, and it's still claiming 131206-0 is current.
-
These are the latest versions of Avast! Try update manual (virus definitions and program)
(http://www.imgdumper.nl/uploads7/52a24dcf2546b/52a24dcf21223-Naamloos.png)
-
Can't manually update the pro suite programs if they're managed from a central server.. just tried
to force an update from the central mirror server and it says' -0 is still the latest. Guess I'll have to
wait over here for a bit longer.
-
I'd love to see this stop.. I administrate a network of 120 systems using the
Small Office Administration system, and I get an email for every "hit" from Avast.
I've gotten over 1400 emails so far today... the URL is basically the same as above:
"http://r2---sn-a8au-p5qz.c.pack.google.com/edgedl/update2/1.3.22.3/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1386381473&ip=[redacted]&ipbits=0&ir=1&ms=nvh&mt=1386367020&mv=u&sparams=expire,ip,ipbits&signature=44F4EB244A408B5AC2A4D287B8CFD8C53A2B5710"
Tried an update, and it's still claiming 131206-0 is current.
the file sent has been successfully
Reporting for virus analysts
should be fixed in the next update
-
Add me to the list. Just started up about a half hour ago. Every 20 seconds or so it pops up a warning screen with a loud beep. I'm doing an update now to see if it fixes it. The update is half downloaded. HMMMM since I started typing this it stopped flashing the message. Maybe the updates are working. Will post again if it still occurs.