If viruses are detected by
FILE NAME only then I would have to say that Avast has found a FALSE POSITIVE because the file is an executable file of an application program that I have had on my computer for many years.
The name of what I believe to be a possible false positive is
AsteriskPassword.exe.
The kind of virus that Avast finds it to be:
Win32:Malware-genThe program path on my computer was:
c:\Program Files\Thegrideon Software\Asterisk Password\AsteriskPassword.exeThe program is a Password Recovery file by Thegrideon Software:
http://www.thegrideon.com/asterisk-password-recovery.htmlScanning with Jotti on-line scanner the following virus programs found the file to be a virus of some kind:
1) Avast - Win32:Malware-gen
2) AntiVir - SPR/PassView.N
3) G Data - Win32:Malware-gen
4) Quick Heal - Trojan.Agent.ATV
The
other Sixteen virus program scans FOUND NOTHING. Thus Avast was one of 20% that considered the file a virus.
Scanning with Virus Total on-line scanner found the following:
Result: 5/41 (12.2%) found positive.
What is odd is that I have had this program on my computer for many years and it has never been scanned as a threat of any kind up until now.
I emailed the zipped file to the Alwil Analysts with this same information I've posted here.
So again my question about
how potential viruses are found by Anti-Virus programs:
Are viruses found by FILE NAME or does the Anti-virus program actually check the code inside of files (including executables) and determine whether code within the file is considered to be a possible threat?Thanks in advance.