Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: woodybolo on December 14, 2007, 12:40:31 PM

Title: False Positive Win32:Small-IRG [Trj]
Post by: woodybolo on December 14, 2007, 12:40:31 PM
Hello,
I've been using Avast for a while now and I'm always satisfied, but since yesterday Avast tells me that a file (printip.exe) I have used every day since 2006 is infected by Win32:Small-IRG [Trj]. It's an executable I use to print my IP in a batch file that I use dozens of times a day. Now I need to shut down Avast to continue using my computer. I am 100% sure it's safe and I don't want to use another antivirus, but if you cannot help me I will have no choice  ???

See the program in the attachment; rename printip.exe.log to printip.exe

Thank you

Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: Maxx_original on December 14, 2007, 12:53:59 PM
1) No live links to samples here!!
2) You don't need to stop Avast; the only thing you have to do is open the Standard Shield settings and add the file to its exclusion list.
3) Almost all AVs at VirusTotal marked the file as a Small trojan; we must analyze it further.
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: woodybolo on December 14, 2007, 01:12:09 PM
Thank you for your quick answer and sorry for the direct link  ;D

I tried what you said, this way:

(http://img155.imageshack.us/img155/859/avasthu1.jpg)
I put printip.exe on the list,
but I still have the warning. It's very annoying for me.

Maybe I need to restart the computer for the exclusion list? :-[

Thank you again
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: Maxx_original on December 14, 2007, 01:51:41 PM
OK, add the file also to the global exclusion list under Program Settings -> Exclusions (accessible after right-clicking the "a" icon).
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: igor on December 14, 2007, 03:30:54 PM
You have to include the path in the exclusion, or the corresponding mask (e.g. *\printip.exe).
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: Lisandro on December 14, 2007, 09:16:26 PM
"Maybe I need to restart the computer for the exclusion list? :-["
Igor, can you answer this, for sure?
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: woodybolo on December 15, 2007, 02:32:23 AM
 :D
Thank you, it works  ;) but if I want to copy my printip.exe program I need to turn off the protection. That's not a big issue for me ;D.

This program is used as a reconnector for USB modems: it lets you know your IP, so that if your internet provider gives you a dynamic IP you can disconnect your internet connection until you have another IP number, with a batch file just like this:
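Code:
rem Record the current IP, redial, and repeat until the provider assigns a different one
:AGAIN
For /F %%i in ('printip') Do @Set IP=%%i
C:\WINDOWS\system32\rasdial.exe /disconnect
C:\WINDOWS\system32\rasdial.exe "Provider" "login" "password"
for /F %%j in ('printip') Do @set IPNEW=%%j
rem Same address as before: go around again
if "%IP%" == "%IPNEW%" GOTO AGAIN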

It is used to access time-limited internet services based on your IP, so it's faster when you share something   8)
 
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: DavidR on December 15, 2007, 02:41:55 AM
If the exclusions 'work' (e.g. no alerts when you run printip.exe) you leave them in place and you don't need to turn off the protection.

So are you still getting alerts when you run printip.exe?
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: woodybolo on December 15, 2007, 02:56:43 AM
No, thank you  :)

But if I try to copy it or rename it, yes.
Title: Re: False Positive Win32:Small-IRG [Trj]
Post by: DavidR on December 15, 2007, 03:51:51 AM
Then you would need to add those to the exclusions lists.

If you do regularly copy or rename it then I would suggest you have it/them in a folder specifically for them and exclude the folder. You could also keep the file name consistent e.g. printipnnnn.exe where nnnn is a numeric value or xxx where xxx is an alphabetic value.

So you could have c:\PrintIp\printip*.exe; this wildcard would exclude all printip(something).exe files. This is better than having c:\PrintIp\*.*, which would exclude all files in the PrintIp folder. That could leave a hole in security, so it is best to try to restrict the wildcard use.
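
Added example (not part of the original thread, and not Avast's code): a small audit that compares the three masks mentioned in this thread against a constructed file listing and reports which files each one would leave unscanned beyond the intended ones. The matching rules (`*` spans any characters including `\`, case-insensitive) and all sample paths are assumptions for illustration.

```python
import re

def mask_to_regex(mask):
    """Translate an exclusion mask to a regex.
    Assumption: '*' matches any run of characters (including '\\'),
    '?' matches one character, and matching ignores case."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE | re.DOTALL)

def audit(masks, files, intended):
    """For each mask, list the intended files it covers and the
    unintended files it would also hide from scanning."""
    report = {}
    for mask in masks:
        rx = mask_to_regex(mask)
        hit = [f for f in files if rx.match(f)]
        report[mask] = {
            "covers": [f for f in hit if f in intended],
            "extra": [f for f in hit if f not in intended],
        }
    return report

# Constructed sample file listing (hypothetical paths)
FILES = [
    r"C:\PrintIp\printip.exe",
    r"C:\PrintIp\printip0002.exe",
    r"C:\PrintIp\setup.exe",
    r"C:\Users\user\Downloads\printip.exe",
    r"C:\Tools\printip.exe",
]
# The only files the exclusion is meant to cover
INTENDED = {r"C:\PrintIp\printip.exe", r"C:\PrintIp\printip0002.exe"}
# Masks taken from the thread
MASKS = [r"*\printip.exe", r"c:\PrintIp\printip*.exe", r"c:\PrintIp\*.*"]

if __name__ == "__main__":
    for mask, r in audit(MASKS, FILES, INTENDED).items():
        print(f"{mask:26} covers={len(r['covers'])} unintended={r['extra']}")
```

Any entry under `unintended` is a file that the mask would exempt from scanning even though nobody vetted it, which is the reason to prefer the narrowest mask that still covers the intended files.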