Avast WEBforum
Other => Viruses and worms => Topic started by: Nosnibor on February 27, 2010, 05:46:45 PM
-
As you can see by the included pix the Screen Saver Scan has detected "Win32:Malware-gen" in 8 different places.
The detection of clt.exe I assume is a false positive.
The items found in "System Volume Information\_restore" I am unsure about.
PLEASE HELP
-
I would say the clt.exe is a good detection as its purpose is to circumvent the firewall; how is avast to know it is a tool? You know that, avast can't determine intent. Put such tools in one folder and exclude it from scans.
- Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
- Worst case scenario it isn't infected and you delete it/move it to the chest, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
-
I'm getting the same exact thing. It's a FALSE POSITIVE, as I think. It makes no sense... iTunes as malware? Or even a CCleaner setup was thought to be malware.
-
You haven't got exactly the same thing unless the detection is on clt.exe.
You have got the same malware name detection, I presume. I have CCleaner on my system and no detection on its setup file, see image, though I use the one without the toolbar (slim) as part of the installation. I don't use iTunes so can't say.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.
- Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
-
Ok, so when I add an item to the exclude list do I need to do an exclude in every scan mode such as "Screen Saver Scan" and "Scan from Windows Explorer" and "Full system scan" to make the exclude fully effective?
Ok, so "System Volume Information\_restore" refers to "System Restore" points and can be safely removed?
-
From the settings, Exclusions, it says it applies to all scans, and a small test would confirm your question. That is what it seems to do.
I wouldn't have suggested it if it weren't safe.
-
Ok thanks. The System Volume Information Restore issue has been resolved.
In regards to the exclusion issue with "clt.exe", I put it in exclusion under Main Settings and it does not detect it in "Quick Scan" & "Full system scan" & "Select folder to scan" & "Scan from Windows Explorer" & "Screen saver scan", but it does still show up as a detection when I use "Boot Scan".
-
Well I would say that since the boot-time scan is outside of windows it may not be covered, though I would have thought it would.
-
WOO HOO I found a bug :) What do I win lol
I agree that it should be included!
How do I now forward this bug info to the powers to be?
-
I don't know whether you would call it a bug, which is why I said "I would say that since the boot-time scan is outside of windows it may not be covered," so I don't know if it is by design or not.
I can't recall if there was an option in the 4.8 boot-time scan advanced settings to exclude files/folders or not. That option I can't see in the 5.0 boot-time settings only being able to select what to scan (selective area) not what not to scan.
-
I do think it is a bug with v5, as when I used v4.8 it did not detect "clt.exe" as malware.
-
Because 4.8 didn't detect clt.exe and avast 5.0 does means nothing as, a) both virus definitions databases differ and b) new signatures or updating existing signatures happen all the time. So it is entirely possible that files that weren't previously detected are now.
In any case a false detection if it were so isn't a bug, that is a failing in the program code and not its detections.
-
CORRECTION -- the exclusion option under main settings does NOT work. I put clt.exe in main settings under exclusions using the correct path but avast v5 still detects it as bad and moves it to the virus chest. Because this item is still being detected as bad even though I put it in main settings under exclusions, it IS A PROGRAM BUG.
-
Please close this thread as I'm going to post it in bug report.
-
clt.exe is no longer detected in vps 100228-1
-
That's good to hear but it doesn't fix the problem with the main settings "Exclusions" not working properly ::)
It's more like shooting the horse because the waggon broke a wheel lol