Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gate1975mlm on January 11, 2005, 06:11:22 PM
-
Hi, I just got the latest Avast update and now all of a sudden it is saying that Win32:Trojano-898 [Trj] is found in C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe, which is the PhoneTray program. It never did this until this new update that I got this morning. And I know that PhoneTray is a clean program. http://phonetray.traysoft.com/
So what is going on here?
-
You can verify that it's a false positive by submitting it to http://virusscan.jotti.dhs.org/ where it will be checked by various online AV programs.
-
File: PhoneTray.exe
Status: INFECTED/MALWARE
Packers detected: PE_PATCH
AntiVir No viruses found (0.17 seconds taken)
Avast Win32:Trojano-898 (1.51 seconds taken)
BitDefender No viruses found (0.60 seconds taken)
ClamAV No viruses found (0.40 seconds taken)
Dr.Web No viruses found (0.61 seconds taken)
F-Prot Antivirus No viruses found (0.52 seconds taken)
Kaspersky Anti-Virus No viruses found (0.70 seconds taken)
mks_vir Win32.4 (probable variant) (0.22 seconds taken)
NOD32 No viruses found (0.61 seconds taken)
Norman Virus Control No viruses found (2.04 seconds taken)
-
Even though 2 AVs report infection, I would suggest sending the infected file to avast.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
-
I've almost the same problem!
Avast finds "Win32:Trojano-898" in msa.dll! msa.dll is an audio plugin for Nero Burning ROM!
Only the newest virus definition 0502-1 has this false positive!
-
Same problem here. I can't even update Nero because avast! doesn't allow that file to be installed.
-
Latest VPS is 0502-2, a short while ago.
-
Here's the message that came with the last update:
New iAVS update (VPS 502-2) for avast! program has been released recently.
Related information could be also found on our Internet sites.
Note: False alarm removed
Thanks Alwil team. ;D
-
Hi.
I found this trojan in System Restore and in my firewall. It should be removed now and I reinstalled the firewall. So if it's a false positive it's good, and if not I hope it took care of it ;)
-
Hi.
I found this trojan in System Restore and in my firewall. It should be removed now and I reinstalled the firewall. So if it's a false positive it's good, and if not I hope it took care of it ;)
ADD by me: sorry for posting 2 identical messages. It was a mistake.. :-\ :-[
-
Wow, that was quick! The new update fixed my problem. Thanks Avast Team! :)
-
It seems that I am stuck between 502-1 and 502-2.
The scan now passes, but when trying to reinstall a program it still rejects it and says that 502-1 won't pass it. The main display while running a scan indicates 502-1 while the summary says 502-2.
Hopefully this will get fixed soon.
pete
-
Alwil Please take a look:
-
This is what happens when I try to update Nero.
-
peterx2,
try a repair of Avast.
-
Bob, did you try Googling the msa.dll problem?
Do you have the file? Can you scan it on-line?
It seems a false positive...
-
Technical
The file is clean according to Jotti. Even avast! now says it's clean.
Here's the problem:
The original file was in the following folder:
C:\Program Files\Common Files\Ahead\AudioPlugins\msa.dll
When I restored it from the chest, it was put into the following:
C:\Program Files\Common Files\Ahead\AudioPlugins\msa.dll\msa.dll
Since all of these folders are read only, I can't put it back where it should be. Not even in Safe Mode.
For some reason, I can't run the update of Nero unless the file is in the right place, as you can see from the screen captures I previously posted.
-
I think you have already noticed that it was a false positive.
New VPS file already corrected this 8)
-
"New VPS file already corrected this"
It may have corrected the false positive part, but look at where it put the file when I selected Restore:
C:\Program Files\Common Files\Ahead\AudioPlugins\msa.dll\msa.dll
The file was originally here:
C:\Program Files\Common Files\Ahead\AudioPlugins\msa.dll
That's what gave me all the problems.
What I'd like to know is if this problem has been addressed???
-
Seems a bug... Hope it's corrected asap :-\
-
Sorry for the troubles.
The problem has already been corrected and the fix will be included in the next update.
-
"Sorry for the troubles.
The problem has already been corrected and the fix will be included in the next update."
Thanks igor
I knew the Alwil team would jump on a fix asap. ;D
-
"Will be included in the next update."
Any schedule for it? ::)