Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: PARoss on July 27, 2007, 07:28:15 PM

Title: Chaos Intellect
Post by: PARoss on July 27, 2007, 07:28:15 PM

I'm trying to download a program related to Chaos Intellect (http://www.chaossoftware.com/programs/chaos/utilities/AddressSwiper.exe). They tell me that it has been checked for viruses, but I'm getting a "Trojan Horse Was Fount!" message:

Win32:Killav-K [Trj]
C:\Program Files\Chaos Software\Address Swiper\~GLH0004.TMP

I'm told it is a false positive. How can I make sure?

Phil

Title: Re: Chaos Intellect
Post by: DavidR on July 27, 2007, 09:15:25 PM

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html) I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

If a false positive:
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.