Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: speeddemon8803 on April 25, 2007, 02:00:18 AM

Title: yet another false positive
Post by: speeddemon8803 on April 25, 2007, 02:00:18 AM
Hi,
I have a script for mIRC that is called multiscript, it is throwing A LOT of false positives, especially in a dll called msn.dll, I know for a fact that this file is not infected, as I have created this file myself. Is there any way to make avast! skip this file when it's doing its scans?

Thanks,
speeddemon8803
Title: Re: yet another false positive
Post by: Lisandro on April 25, 2007, 02:47:26 AM
Quote from: speeddemon8803
Is there any way to make avast! skip this file when it's doing its scans?

You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
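
The caution about wildcards in exclusion lists, worked through as an added example (not part of the original post and not avast! code): it lists which files each candidate exclusion pattern would leave unscanned. The file inventory is constructed, and the matching rules (`*` spans path separators, `?` is one character, case-insensitive) are an assumption about how the exclusion list interprets wildcards.

```python
from fnmatch import fnmatchcase

# Constructed inventory: hypothetical paths, not taken from the thread.
INVENTORY = [
    r"C:\mIRC\multiscript\msn.dll",
    r"C:\mIRC\multiscript\mbm.dll",
    r"C:\mIRC\mirc.exe",
    r"C:\Windows\System32\msn.dll",
    r"C:\Users\me\Downloads\msn.dll",
    r"C:\Users\me\Downloads\setup.exe",
]

def excluded_by(pattern, paths=INVENTORY):
    """Paths a wildcard exclusion would hide from the scanner.

    Assumption: '*' matches any run of characters (path separators
    included), '?' matches one character, comparison ignores case.
    """
    pat = pattern.lower()
    return [p for p in paths if fnmatchcase(p.lower(), pat)]

def audit(patterns, intended, paths=INVENTORY):
    """For each pattern: does it cover the intended file, and what else?"""
    wanted = intended.lower()
    report = {}
    for pattern in patterns:
        hits = excluded_by(pattern, paths)
        report[pattern] = {
            "covers_intended": any(h.lower() == wanted for h in hits),
            "collateral": [h for h in hits if h.lower() != wanted],
        }
    return report

if __name__ == "__main__":
    target = r"C:\mIRC\multiscript\msn.dll"
    candidates = [target, r"C:\mIRC\multiscript\ms?.dll",
                  r"C:\mIRC\*", r"*\msn.dll", "*.dll"]
    for pat, res in audit(candidates, target).items():
        print(f"{pat!r}: covers={res['covers_intended']}, "
              f"extra files excluded={len(res['collateral'])}")
        for path in res["collateral"]:
            print("    also unscanned:", path)
```

Only the full-path entry excludes the one intended file with no collateral; every broader pattern also hides files in other directories, including any later-dropped file that happens to share the name.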
Title: Re: yet another false positive
Post by: DavidR on April 25, 2007, 03:05:25 AM
Quote from: speeddemon8803
I have a script for mIRC that is called multiscript, it is throwing A LOT of false positives, especially in a dll called msn.dll, I know for a fact that this file is not infected, as I have created this file myself. Is there any way to make avast! skip this file when it's doing its scans?

Besides what Tech has said you should submit this to avast for analysis.

If you are (not) getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

What is the malware name associated with the detection/s ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html). I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/). If any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.
Title: Re: yet another false positive
Post by: speeddemon8803 on April 25, 2007, 05:22:48 AM
I don't "think" it's a false positive..I'm absolutely 100% sure it is a false positive as I have stated, I created this file myself, no other anti-virus has detected this thing as a virus, and avast for some reason does. Win32:Trojan-gen. {Other} is the name it gave...I scanned it with an online scanner that uses avast and other engines..and it comes up with motherboardmonitor...and I know for a fact that isn't malware...it's diagnostic tools!

avast version:4.7.986
virus database:000735-2

Also known as the very latest virus database update and the very latest program update :)

avast isn't the only one to cry about it..but...it's still in fact a false positive because of the fact its intention is not to harm..just to gather information. Avast probably sees it going into ram and searching..and screams at me. I'm not really worried about it, I just would like this DLL file to be removed from avast's vdb as being malware is all.
Title: Re: yet another false positive
Post by: speeddemon8803 on April 25, 2007, 05:27:09 AM
This is getting me sad now...avast doesn't like my program dll files :(. I would never intentionally make something flag in my avast unless it was the eicar test file.
Title: Re: yet another false positive
Post by: DavidR on April 25, 2007, 02:34:57 PM
Quote from: speeddemon8803
I don't "think" it's a false positive..I'm absolutely 100% sure it is a false positive as I have stated, I created this file myself, no other anti-virus has detected this thing as a virus, and avast for some reason does. Win32:Trojan-gen. {Other} is the name it gave...I scanned it with an online scanner that uses avast and other engines..and it comes up with motherboardmonitor...and I know for a fact that isn't malware...it's diagnostic tools!

avast version:4.7.986
virus database:000735-2

Also known as the very latest virus database update and the very latest program update :)

avast isn't the only one to cry about it..but...it's still in fact a false positive because of the fact its intention is not to harm..just to gather information. Avast probably sees it going into ram and searching..and screams at me. I'm not really worried about it, I just would like this DLL file to be removed from avast's vdb as being malware is all.

I'm sure you don't make files that will intentionally trigger virus alerts, that is why I suggested confirmation, posting the results here gives that confirmation. The same problem has happened with Tech for another scripting tool auto-it (I believe) that somehow in the compiling of the file it creates something that is thought incorrectly or otherwise to be infected.

The only way to resolve an FP is by confirmation and submission as I outlined above, in the submission you can refer to this topic which shows the confirmation (if results of VT or Jotti are posted).
Title: Re: yet another false positive
Post by: igor on April 25, 2007, 02:40:30 PM
speeddemon8803, did you send the files to virus@avast.com, as suggested?
Title: Re: yet another false positive
Post by: speeddemon8803 on April 26, 2007, 05:37:50 AM
igor...why would I send it to them? it's not a virus...that send it to them so they can analyze it and take it out of the vdb?
Title: Re: yet another false positive
Post by: speeddemon8803 on April 26, 2007, 05:48:31 AM
even if I wanted to send this..it's bigger than the 1024 KB limit..bleh this is going to take forever to get resolved.
Title: Re: yet another false positive
Post by: speeddemon8803 on April 26, 2007, 05:50:12 AM
nevermind..I was trying through the program itself..brb going to e-mail like you suggested..boy I'm slow today forgive me!
Title: Re: yet another false positive
Post by: DavidR on April 26, 2007, 02:38:54 PM
Quote from: speeddemon8803
igor...why would I send it to them? it's not a virus...that send it to them so they can analyze it and take it out of the vdb?

When sent for analysis, if it is Marked as a False Positive as I mentioned, it will be investigated as such and the VPS updated as required.

Quote from: speeddemon8803
even if I wanted to send this..it's bigger than the 1024 KB limit..bleh this is going to take forever to get resolved.

You can increase the limit of the 'Maximum size of file to send.' Open the program Settings, Chest and increase the size to allow the file to be sent.
Title: Re: yet another false positive
Post by: speeddemon8803 on April 26, 2007, 07:09:32 PM
heh, thanks! Sorry for being so fussy!
Title: Re: yet another false positive
Post by: DavidR on April 26, 2007, 07:50:27 PM
You're welcome.
Nothing wrong with being fussy ;D an inquiring mind is a very useful tool.
Title: Re: yet another false positive
Post by: speeddemon8803 on April 27, 2007, 12:58:18 AM
and now..we wait...boy oh boy! :P
Title: Re: yet another false positive
Post by: speeddemon8803 on May 01, 2007, 05:16:25 AM
exactly what's supposed to happen now? I've heard nothing from them since I asked them to take the file off...absolutely nothing..
Title: Re: yet another false positive
Post by: alanrf on May 01, 2007, 11:54:57 AM
It is an exercise in patience ... you will hear perfect silence ... contribution is its own reward ... well that and eventually no longer being bugged by the false positive.
Title: Re: yet another false positive
Post by: DavidR on May 01, 2007, 02:18:43 PM
Generally you won't hear unless they require more information. Leave the file path in the exclusions and periodically scan a copy in the chest to see if it isn't detected and then remove the exclusion.

However I would have thought it would have been dealt with by now, they are usually quick to resolve an FP. You could try sending it again, this time from the chest and see if that helps.
Title: Re: yet another false positive
Post by: Lisandro on May 01, 2007, 03:08:54 PM
Quote from: speeddemon8803
I've heard nothing from them since I asked them to take the file off...absolutely nothing.

But is the file still being detected as infected? Is it really a false positive?
If they did not correct this *yet*, it will be a shame, answering or not answering to the user.
Title: Re: yet another false positive
Post by: speeddemon8803 on May 01, 2007, 05:33:48 PM
still detected as same thing..no fix yet...no reply..*sigh* definitely false positive..read entire slew of posts :)
Title: Re: yet another false positive
Post by: speeddemon8803 on May 01, 2007, 05:36:55 PM
oh..btw...this isn't a oh I'm thinking of changing cuz you won't fix...I'm twiddlin my thumbs...waiting like the good boy I am ;)