Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: catinahat on November 03, 2012, 08:17:42 AM

Title: Possible False Positive for shortcut to SAS forum (edited)
Post by: catinahat on November 03, 2012, 08:17:42 AM
Hi. Avast! has just done a scheduled full scan and found a threat for a shortcut in my Favorites folder. Here is a screen dump of the log:

http://i407.photobucket.com/albums/pp157/scratchpics/avastdetection_zps72842e72.jpg

The URL for this site in my favourites is http://forums.superantispyware.com/ and I have checked this website on urlvoid.com and it was 100% clean.

I also uploaded the actual file to be scanned: Virustotal reports 100% clean: https://www.virustotal.com/file/fefd283e2eb2c585775140540998196d2674620cab4e92d6ac0a59222ee02977/analysis/1351928567/

Jotti reports a detection on avast! and Gdata but nothing else: http://virusscan.jotti.org/en-gb/scanresult/9903accaf8e6fdf68d2349b26078b5e8e932b4cd

I have moved it to the virus chest as suggested, but I have not scheduled a boot scan. I'm wondering if this could be a FP? I haven't altered anything in my favorites or visited SAS in months, and this is the 1st time avast! has detected this file as malicious. MBAM & HitmanPro scans clear.

(Apologies for the edits)
Title: Re: Possible False Positive for shortcut to SAS forum (edited)
Post by: crofty59 on November 03, 2012, 10:32:42 AM
Hi

I am also getting the same warning on both computers here.

On the first computer I got it from doing a scan, sent to chest.

On the 2nd computer, if I click to go to the SAS forum, Network-shields blocks it.

There is a discussion here about it:
http://forum.avast.com/index.php?topic=108464.0
Cheers
Title: Re: Possible False Positive for shortcut to SAS forum (edited)
Post by: mchain on November 03, 2012, 11:00:27 AM
Hi catinahat and crofty59,

If a file is placed in the virus chest, there is the option of right-clicking the offending file and sending it out as a false-positive to Avast! A .lnk file is such a file.

To better understand what is involved, see: https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=777&nav=0,61 Best course of action is to do the above, and wait to see if the FP clears on the next VPS update or two.

It is the SUPERAntispyware forums that are affected, though. It is likely that the other websites SUPERAntispyware shares the IP address with are the cause of the alert.

See: http://urlquery.net/report.php?id=82630

Sourceforge.net is noted, as well as grouphelp.customerhelp.com as having IDS intrusions detected.  It is the IP that is being blocked here, so Avast! is possibly protecting you from collateral damage when you attempt to visit
Title: Re: Possible False Positive for shortcut to SAS forum (edited)
Post by: crofty59 on November 03, 2012, 11:15:01 AM
Thanks mchain

I have checked out your links, found them very informative.

Will wait a few days to see what happens.

cheers
Title: Re: Possible False Positive for shortcut to SAS forum (edited)
Post by: ky331 on November 04, 2012, 08:40:58 PM
While there's no new AVAST database --- it's still at 121104-0, which blocked the SAS forum when I tested it this morning ---
I'm showing that I received a streaming update at 2:17 PM (USA - Eastern Standard Time)... and now, I CAN access the SAS forums.

But in an ironic twist, Webroot SecureAnywhere is now blocking the SAS forum: http://www.wilderssecurity.com/showthread.php?t=335315