Avast WEBforum
Other => Viruses and worms => Topic started by: srpgmt on August 01, 2010, 11:15:59 AM
-
Background:-
1) Happy Avast 5.0.594 user; feel secure due to its very high detection rate & its being rated amongst the top 3 antivirus in the world :)
2) WinXp Professional 32bit; Avast 5.0.594 + MalwarebytesAntimalware 1.46 + AdAware Anniversary Edition + Spybot Search & Destroy 1.6.2.46 + Spyware Terminator 2.6.5.111 + SpywareBlaster 4.3
3) All my installed security tools say picpick_inst.exe appears to be uninfected. By the way this is the exe of PicPick v 2.3.3 a screencapture tool. Its prior versions' installer exes carried a clean bill of health from everyone in virus total; from Avast 5.0.594 & also from all my installed security apps mentioned in point no.2
4) 2 McAfee antivirus programs in virustotal say version 2.3.3 is infected with Artemis! 5BC59F86A1C3 whereas 2 Avast programs in VirusTotal & my installed Avast 5.0.594 shows no problem ???
Action Taken So Far:-
1) I've stored the installer .exe but not installed it
2) I read the forum instructions in this section before posting my query here
3) Since the .exe is uninstalled I've neither quarantined nor sent you sample as yet
4) Please advise me what should I do in this kind of situation?
Query:-
1) I feel secure having Avast because it ranks amongst global top rankers
2) I do understand the concept of "False Positives"
3) But why does this happen - generally & in this instance? Meaning why does one app say there is a virus & another says there isn't one? ???
-
Artimis detections are a type of heuristic detection and as such more prone to FP. As for 2 McAfee programs detecting this, isn't strange as essentially they will be using the same signatures and engines, so in most cases bith will detect the same. Whilst avast 4.8 and 5.0 have differences since 5.0 includes some methods/signatures that aren't available in 4.8, so there may be time where one or the other doesn't appear to detect.
However, in this case what is more important is how many other scanners other than McAfee detect this (as some other major AVs in your image also don't detect anything), if the answer is none then it is highly likely it is an FP.
The other important question is how you came about this detection, hopefully you don't have avast and McAfee installed on the same system ?
-
Thanks for your kind reply. It has clarified the concept & also set my mind at rest. :)
Obviously Avast has wisely chosen to use heuristic methods which are not in the "Artimis genre." I infer this & several other wise approaches make Avast the global ranking antivirus it is.
Among the 42 scanners, in this particular case only the 2 McAfee scanners detected it in the online service - virustotal.
Oh & I do not have both Avast & McAfee installed on my system as I know having more than one Antivirus on one system leads to software clash between the two. I only have Avast 5.0.594 installed on my system. :)
I came upon this detection by using the online service of virustotal.
You've explained things extremely well. I believe as per forum rules I need to "modify title" to prefix "Resolved" if an issue is resolved. May I do that now? I hope I've answered your queries too dear friend ;) :)
-
Thanks for your kind reply. It has clarified the concept & also set my mind at rest. :)
Obviously Avast has wisely chosen to use heuristic methods which are not in the "Artimis genre." I infer this & several other wise approaches make Avast the global ranking antivirus it is.
Among the 42 scanners, in this particular case only the 2 McAfee scanners detected it in the online service - virustotal.
Oh & I do not have both Avast & McAfee installed on my system as I know having more than one Antivirus on one system leads to software clash between the two. I only have Avast 5.0.594 installed on my system. :)
I came upon this detection by using the online service of virustotal.
You've explained things extremely well. I believe as per forum rules I need to "modify title" to prefix "Resolved" if an issue is resolved. May I do that now? I hope I've answered your queries too dear friend ;) :)
I am unable to review the post as advised because clicking Preview is not doing anything. Hence I am constrained to click post once again
-
You're welcome.
There is no specific forum rule it is just handy to other viewing the topic list. However you need to go back to the first post you made and click the Modify button for that post and add [Resolved] to the title there.