Avast WEBforum

Avast Products => Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier => Topic started by: kaboose on May 30, 2010, 11:20:04 AM

Title: How to stop avast from blocking the file?
Post by: kaboose on May 30, 2010, 11:20:04 AM
Hey everyone am new here so please bare wid me  ;)

aite so recently avast keep blocking the game file and i knw its not a virus so any idea how i can stop that ? i am using avast free home version latest one thx
Title: Re: How to stop avast from blocking the file?
Post by: nmb on May 30, 2010, 11:21:55 AM
Hello Kaboose,

How can you say it is not a virus?

Upload the file to virustotal.com and give us the link.

If it is a false positive, we can send it to virus labs for checking.

nmb
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on May 30, 2010, 03:19:20 PM
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You should never try to circumvent a detection unless you are 100% certain it is a false positive detection, so:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Title: Re: How to stop avast from blocking the file?
Post by: nmb on May 30, 2010, 03:46:09 PM
May be I should prepare canned speeches. Isn't it sir DavidR?

nmb
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on May 30, 2010, 04:40:34 PM
Well it saves time for common issues and gives more information to the user so that they don't bump into the obvious problem of trying to upload to virustotal.

If using it, it is important not to overwhelm the OP with too much information, which the last half of mine in most cases I wouldn't post for regular detections. This however is somewhat different as it appears to be for an old file previously used (reading between the lines).
Title: Re: How to stop avast from blocking the file?
Post by: nmb on May 30, 2010, 05:18:02 PM
Thanks for the tip sir DavidR. Will keep that in mind while prep'ing the canned speeches. :)

nmb
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on May 30, 2010, 05:34:12 PM
You're welcome.
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on May 31, 2010, 10:50:45 AM
Hello Kaboose,

How can you say it is not a virus?

Upload the file to virustotal.com and give us the link.

If it is a false positive, we can send it to virus labs for checking.

nmb

thx for replying ... its not virus cuz i been using that file for long time lol with avast its just from last couple days its doing that not sure y .. heres the link i got when uploaded on virus total : http://www.virustotal.com/reanalisis.html?dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732

http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1267514451
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on May 31, 2010, 10:54:48 AM
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You should never try to circumvent a detection unless you are 100% certain it is a false positive detection, so:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.


thanks for the long reply .. so as u mentioned to put the file in exclusions list since my file is on the desktop so i decided not to make a suspect folder so to add it to exclusion i have to go to Settings>Exclusions>Add ... is that all u want me to do ? also i reported the file as false positive already thx
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on May 31, 2010, 10:56:11 AM
thx for replying everyone
Title: Re: How to stop avast from blocking the file?
Post by: nmb on May 31, 2010, 12:26:36 PM
Can you tell us the path where this file was detected?

Also, you say you know that this file was there for long time. How do you know that?

According to what I found out, It should be related to a game.

you have to give us all details. : What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Also upload the file to vt and rescan the file. don't give the link to old scan report.

nmb
Title: Re: How to stop avast from blocking the file?
Post by: -Genesis- on May 31, 2010, 01:29:20 PM
@kaboose

http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1267514451

Look at the result 17 AV's detected it.

And the one you upload on virustotal is dated on 2010.03.02

Can you upload the file again?

Im sure the file is virus.
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on May 31, 2010, 03:28:39 PM
The latest result is 19 detections http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732 (http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732) as at 2010.05.31 08:48:52 so there is something suspicious in what this file does as most of the detections are either generic (.gen) or heuristic (suspicious/sus).

So what game does this file belong to ?

A google search for the SSWv5.11.dll file (Super Simple Wall ?) returns some that associate it with a games hack (which can come with unwelcome guests).
Title: Re: How to stop avast from blocking the file?
Post by: nmb on May 31, 2010, 03:46:29 PM
The latest result is 19 detections http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732 (http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732) as at 2010.05.31 08:48:52 so there is something suspicious in what this file does as most of the detections are either generic (.gen) or heuristic (suspicious/sus).

Where did you get that done from? I mean did you click re analyse? It didn't work for me, sir.

Quote
A google search for the SSWv5.11.dll file (Super Simple Wall ?) returns some that associate it with a games hack (which can come with unwelcome guests).

That is what even I thought(previous post). Some kind of patch or crack, may be?

nmb
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on May 31, 2010, 04:15:26 PM
The re analyse button in the reanalisis link worked for me.
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on June 01, 2010, 01:51:30 AM
Can you tell us the path where this file was detected?

Also, you say you know that this file was there for long time. How do you know that?

According to what I found out, It should be related to a game.

you have to give us all details. : What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Also upload the file to vt and rescan the file. don't give the link to old scan report.

nmb


aite am sure path has nothing to do wid this but since u really insisting here it is: C:\Documents and Settings\Desi\Desktop\Current
i gave u the VT link before but here it is again: http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732
Infected file name: SSWv5.11.dll .. use that for cs wall hacks
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on June 01, 2010, 01:52:59 AM
The latest result is 19 detections http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732 (http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732) as at 2010.05.31 08:48:52 so there is something suspicious in what this file does as most of the detections are either generic (.gen) or heuristic (suspicious/sus).

So what game does this file belong to ?

A google search for the SSWv5.11.dll file (Super Simple Wall ?) returns some that associate it with a games hack (which can come with unwelcome guests).

indeed it is wall hacks ... so please help me out wid how i can stop avast from not detecting it since it just started happening .. never happenened before :(
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on June 01, 2010, 02:17:15 AM
There are many (19/41) in the VT results that consider this at the very least suspicious. Many hacks/cracks are the subject of malware.

Why it hasn't happened before isn't unusual as new signatures and modifications to generic signatures are likely to detect new or previously undetected malware.

Read the first reply O made on this topic on how to exclude it from scans, though this isn't something I would recommend in this case with so many detections in the VT results, but the choice and risk of doing so have to be yours.

The file should be sent to avast for further analysis:
Send the sample to avast as a possible False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Title: Re: How to stop avast from blocking the file?
Post by: nmb on June 01, 2010, 06:00:26 AM
You will receive no help from for such foolish things. How blind people are. using tools which create backdoors in their pc. Download trojans etc. Later when everything is gone, come here and start campaign against avast!

nmb
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on June 01, 2010, 06:56:11 AM
You will receive no help from for such foolish things. How blind people are. using tools which create backdoors in their pc. Download trojans etc. Later when everything is gone, come here and start campaign against avast!

nmb

then y bother replyin ? .. as i said i knw its not a virus .. all i wanna knw is how can i stop the file from being detected as a virus ... Welcome to my world!
Title: Re: How to stop avast from blocking the file?
Post by: kaboose on June 01, 2010, 06:57:45 AM
There are many (19/41) in the VT results that consider this at the very least suspicious. Many hacks/cracks are the subject of malware.

Why it hasn't happened before isn't unusual as new signatures and modifications to generic signatures are likely to detect new or previously undetected malware.

Read the first reply O made on this topic on how to exclude it from scans, though this isn't something I would recommend in this case with so many detections in the VT results, but the choice and risk of doing so have to be yours.

The file should be sent to avast for further analysis:
Send the sample to avast as a possible False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

as i mentioned i have already sent it as falso positive and regarding the previous reply on how to exclude ... wht i did is i went to settings>exclusion>Added the file ... but still it keeps on detecting it so not sure wht to do further
Title: Re: How to stop avast from blocking the file?
Post by: DavidR on June 01, 2010, 04:37:09 PM
Then you need to read my instructions again as you haven't excluded the file where it is being detected, the File System Shield as all you have done is exclude it from on-demand scans.
Title: Re: How to stop avast from blocking the file?
Post by: YoKenny on June 01, 2010, 07:11:08 PM
@ kaboose

You need to re-read DavidR's posts as he is a 6 star general when using avast!