Avast WEBforum

Other => General Topics => Topic started by: Kerr Avon on November 17, 2023, 10:42:30 PM

Title: Have these files been received by Avast, please?
Post by: Kerr Avon on November 17, 2023, 10:42:30 PM
I use the Free version of Avast Anti-virus (which is great, BTW) and have done so for many years without problem. But in the  past few days, I have encountered two infection warnings, both of which I believe to be false positives, and though I've chosen to send the files to Avast for study, I have received no information back. But in the past, when I've sent suspected infections, they usually reply within the same day, or at most a day later.

If there is a long queue for items to be tested, then fair enough, of course, but I just want to confirm that there isn't a problem with my PC or something stopping the files from getting sent. One file is a freely available demo for an upcoming game, and the other is a small website which I have compiled into an EXE file using eWriter (https://www.helpandmanual.com/ewriter/ (https://www.helpandmanual.com/ewriter/)), so I think both warning from Avast are false-positives, though of course I can't be sure.

I just want to confirm that these were successfully sent to Avast, thanks.
Title: Re: Have these files been received by Avast, please?
Post by: DavidR on November 17, 2023, 11:18:14 PM
You don't say how you reported this.
Did you use the  -  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
You should get a response in a day or two.

Here you can actually send the suspect file not a link for them to find it.

Attaching a screenshot to your post of the Avast Alert window with the Details option chosen.  This gives more details on the why.
- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
Title: Re: Have these files been received by Avast, please?
Post by: Kerr Avon on November 18, 2023, 06:38:19 PM
You don't say how you reported this.

Did you use the  -  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
You should get a response in a day or two.

Here you can actually send the suspect file not a link for them to find it.

Oh, sorry. I used the option in the Avast to sent the files.

I will upload the two files to the URL you gave above, thanks.

The URL you gave has a file size limit of 50MB, but the game demo is 110 MB, and the compiled/converted .EXE is 123 MB. Is there another way to send these larger files, please?

And could these relatively large file sizes explain why Avast's own "Report as false positive" file upload function might not have worked?




Quote
Attaching a screenshot to your post of the Avast Alert window with the Details option chosen.  This gives more details on the why.
- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.

That's great, thanks.

I have enclosed with this post a screenshot of Avast's message when I try to copy the game demo file to a different folder.
Title: Re: Have these files been received by Avast, please?
Post by: DavidR on November 18, 2023, 07:08:52 PM
I don't know if the file can be compressed to get it under the 50MB limit.

If it has been sent from the Quarantine and you have sent it from there, it should get analysed.  But I don't know how they would go about contacting you in the way they can with the form submission.
Title: Re: Have these files been received by Avast, please?
Post by: Pondus on November 18, 2023, 07:17:04 PM
Quote
But in the  past few days, I have encountered two infection warnings, both of which I believe to be false positives,
Have you checked files at www.virustotal.com

If you upload files to virustotal then all members at VT will recive them and can check for FP

You may post link to scan result here

Title: Re: Have these files been received by Avast, please?
Post by: Kerr Avon on November 18, 2023, 07:46:08 PM
Quote
But in the  past few days, I have encountered two infection warnings, both of which I believe to be false positives,
Have you checked files at www.virustotal.com

If you upload files to virustotal then all members at VT will recive them and can check for FP

You may post link to scan result here

OK. Here is the game demo's results page, most show it as a clean:

https://www.virustotal.com/gui/file/091b2a92effbb4540cb7b54ef7b3742183bcf27e146331202040115ed167e61c (https://www.virustotal.com/gui/file/091b2a92effbb4540cb7b54ef7b3742183bcf27e146331202040115ed167e61c)

The complied EXE is showing as totally clean, via that site, so I will check that.









I don't know if the file can be compressed to get it under the 50MB limit.

If it has been sent from the Quarantine and you have sent it from there, it should get analysed.  But I don't know how they would go about contacting you in the way they can with the form submission.

I thought that Avast, when it sent the files, would attatch some sort of identification for me?

Anyway, I could .RAR or .7zip the files up into 49MB chunks, and send them via (https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php)), but I didn't want to seem rude or offensive. Is it allowed to send a larger file as separate chunks?
Title: Re: Have these files been received by Avast, please?
Post by: Pondus on November 18, 2023, 07:55:16 PM
Quote
Is it allowed to send a larger file as separate chunks?
Yes


https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Have these files been received by Avast, please?
Post by: nonwaty on November 18, 2023, 08:08:25 PM
Hi Kerr Avon.

"Here is the game demo's results page...."

You have:
Win32:Malware-gen (Trojan infection, Trojan.Win32.Agent.Vv3a).

You should pass avast antivirus
- analysis during boot -

Open the avast antivirus
go to protection, virus scan, analysis during boot.

Title: Re: Have these files been received by Avast, please?
Post by: DavidR on November 18, 2023, 09:41:46 PM
Quote from: Kerr Avon
OK. Here is the game demo's results page, most show it as a clean:

https://www.virustotal.com/gui/file/091b2a92effbb4540cb7b54ef7b3742183bcf27e146331202040115ed167e61c

The complied EXE is showing as totally clean, via that site, so I will check that.

Looking at the VT results 'if you hover over the Overlay icon' it mentions 'The files has content beyond the declared end of file'.  I don't know if this would be considered suspect by avast (or this isn't exactly the same as what Avast is alerting on).

Quote from: Kerr Avon
I thought that Avast, when it sent the files, would attach some sort of identification for me?

I don't believe it does, some might consider that intrusive.  You can give some information in the submission, generally I would give the URL back to your topic that you created as you can give a lot more information here, than in remarks.  I guess you could give your email in the submission to avast from quarantine.

In your screenshot there is a unique ID number bottom Left of the image, that could also help when using the submission of the file from Quarantine.
Title: Re: Have these files been received by Avast, please?
Post by: Kerr Avon on November 18, 2023, 11:00:29 PM
Quote
Is it allowed to send a larger file as separate chunks?
Yes


https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Thanks, mate, I'll do it now.











Hi Kerr Avon.

"Here is the game demo's results page...."

You have:
Win32:Malware-gen (Trojan infection, Trojan.Win32.Agent.Vv3a).

You should pass avast antivirus
- analysis during boot -

Open the avast antivirus
go to protection, virus scan, analysis during boot.

Good idea, I will do it, when I've posted this.







Quote from: Kerr Avon
OK. Here is the game demo's results page, most show it as a clean:

https://www.virustotal.com/gui/file/091b2a92effbb4540cb7b54ef7b3742183bcf27e146331202040115ed167e61c

The complied EXE is showing as totally clean, via that site, so I will check that.

Looking at the VT results 'if you hover over the Overlay icon' it mentions 'The files has content beyond the declared end of file'.  I don't know if this would be considered suspect by avast (or this isn't exactly the same as what Avast is alerting on).

I see, that is strange. I don't know what it mean, either.



Quote
Quote from: Kerr Avon
I thought that Avast, when it sent the files, would attach some sort of identification for me?

I don't believe it does, some might consider that intrusive.  You can give some information in the submission, generally I would give the URL back to your topic that you created as you can give a lot more information here, than in remarks.  I guess you could give your email in the submission to avast from quarantine.

In your screenshot there is a unique ID number bottom Left of the image, that could also help when using the submission of the file from Quarantine.

OK. When I get more information I will post it here.

Thanks.
Title: Re: Have these files been received by Avast, please?
Post by: DavidR on November 19, 2023, 12:39:00 AM
You're welcome.
Title: Re: Have these files been received by Avast, please?
Post by: Kerr Avon on November 26, 2023, 11:22:36 PM
Sorry, I meant to post here, but I forgot (real life is hectic at the moment)).

Anyway, Avast fixed the problem, and now the game demo no longer gets flagged as infected.

Thanks to everyone concerned for their help.
Title: Re: Have these files been received by Avast, please?
Post by: DavidR on November 27, 2023, 12:31:23 AM
Thanks for the confirmation.