Author Topic: False positive since updating Avast  (Read 6300 times)

stundukkie

  • Guest
False positive since updating Avast
« on: November 10, 2008, 11:45:17 PM »
Hello,
I am Dutch so forgive my poor English....
Since my avast was updated last week, I keep getting alarms about win32:trojan.gen.
I have been downloading games regularly for more than a year from what I think is a safe site (reflexive.com) and never had any trouble with it.
Now, since the update for avast, every game I download sets off the alarm for incoming viruses.
Should I ignore these alarms?

greetings, Stundukkie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89679
  • No support PMs thanks
Re: False positive since updating Avast
« Reply #1 on: November 11, 2008, 01:16:30 AM »
I take it that the detection is on the reflexive.com site and is blocked by the Web Shield, the only option is Abort connection?

If so even sites that you think safe can get hacked.

I have visited reflexive.com and not got an alert so you are going to have to give more information on the detection.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

I'm on dial-up so I can't try to download any large game files, not that it appears easy to do that without signing up.

You could also check the offending/suspect file (you may need to pause the web shield to download it, just don't try to execute it) at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

stundukkie

  • Guest
Re: False positive since updating Avast
« Reply #2 on: November 11, 2008, 02:53:14 PM »
Hello David,

The detection was and is not while I am on the site of reflexive.com, I can download the game with no problems or alarms. As soon as I want to install the downloaded game the trouble starts with warnings from avast. You don't have to sign up for this site, I always download the trial versions.

I am not that experienced in the program language, when I can't figure it out I always bring the pc to the guys at the store where I bought it.

Avast found it in c:\ ProgramFiles\The hidden Object Show\
the name is (a skull) is-5K3OC.tmp

Last night a friend of mine downloaded the same game and he's got NOD32, no problems at all, could install the game with no alarm bells or anything from his scanner. Another girlfriend did the same thing, she's got Panda, no problems at all. That looks to me that either my Avast is too sensitive or detects some spyware as a virus?

Other warnings that come up while installing the game on my pc are :
SYSTEM (program 1628) Sign of "Win32:Downloader-BUQ[trj]
SYSTEM (program 1808 +1812) Sign of Win32:Trojan-gen{Other}
I am scanning just right now because I deleted some things and can't remember the path where the other warnings were.

I tried to download another game, Bejeweled 2 Deluxe......
Same thing happens: Virus was found : C:\Program Files\Bejeweled 2 Deluxe\WinBej2.exe
                            Maleware name   : Win32:Trojan-gen{Other}
                            Maleware type    : Virus\Worm
                            VPS version        : 081110-1, 10-11-2008

NOTE: by clicking on "NO ACTION" the maleware will not be activated!

My two friends with different scanners (NOD32 and Panda) downloaded this game too: no problems!

Should I panic or what?

FlameOn

  • Guest
Re: False positive since updating Avast
« Reply #3 on: November 11, 2008, 03:07:23 PM »
I have the same problem as stundukkie.

Old Reflexive games and newer games which have never given me any problems, have suddenly (within the last 3 days) contained traces of Win32:Trojan-gen & Swizzor.

It's a real pain because after selecting No Action, the files are then corrupted!  I've reinstalled them, updated Avast! but then with the next update it targets another file to corrupt.

I know it's a false positive but I don't want to disable Avast!.

Help!!


stundukkie

  • Guest
Re: False positive since updating Avast
« Reply #4 on: November 11, 2008, 03:20:16 PM »
Hello again,

I just ran the suspected files through VirusTotal: nothing was found!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89679
  • No support PMs thanks
Re: False positive since updating Avast
« Reply #5 on: November 11, 2008, 03:31:49 PM »
If the VT scan reveals no detections then take the actions given in the link in my first post, How to report and exclude, etc.

It isn't unusual to not have avast detect on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

If you can post the URL of the VT results page that is also helpful, you could also include it in the reporting of the false positive in that link.


stundukkie

  • Guest
Re: False positive since updating Avast
« Reply #6 on: November 11, 2008, 04:14:41 PM »
Thank you David,

I will send it to Avast,
PS. All the other virus scanners at VT found nothing.

Greetings from Belgium,
Stundukkie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89679
  • No support PMs thanks
Re: False positive since updating Avast
« Reply #7 on: November 11, 2008, 05:05:18 PM »
No problem, glad I could help.

Welcome to the forums.