Avast WEBforum

Other => Viruses and worms => Topic started by: seamanrl on December 16, 2011, 12:45:55 AM

Title: Avast suddenly finds virused files
Post by: seamanrl on December 16, 2011, 12:45:55 AM

I posted several executable files to my Christmas Countdown webpage a couple of weeks ago. I've been able download each of them since December 1st without issue... until today! Now Avast blocks each and states that the file is infected with Win32:malware-gen.

Is this a false positive of some sort? Why would this start today?

The files are digital puzzle generated using Tibo Software. They are posted at:
http://www.leonineiris.com/l9inotaboutiris/l9ichristmascountdown.html as part of the Countdown Calendar.

Many thanks!
 

Title: Re: Avast suddenly finds virused files
Post by: DavidR on December 16, 2011, 12:58:08 AM

You could also check the offending/suspect file/s at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select 'Extract' it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

####
If only GData and avast detect it/them - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.

Or - Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Title: Re: Avast suddenly finds virused files
Post by: seamanrl on December 16, 2011, 03:37:49 AM

VirusTotal results:
http://www.virustotal.com/file-scan/report.html?id=8bdb7c6a8a2db52eb748021a60218b28c3481b822f8fc37232991f62bc696870-1324002214

Avasta and GData found Win32:malware-gen
DrWeb found Trojan.KillProc.13765

Title: Re: Avast suddenly finds virused files
Post by: DavidR on December 16, 2011, 04:11:12 AM

GData also uses avast as one of its two scanners.

Send the sample to avast for analysis.