Author Topic: Avast Found An Infection Please Help (Read 3352 times)

cheater87 · « **on:** July 03, 2011, 12:04:04 AM »

The 1st one is a False positive, I've had that for a year or so. But the 2nd one under D:\ is new infection. Is this a False positive or what should I do? I just clicked "close" button since I don't want to put it inside the chest since I don't know if it's a FP or not. here's the link of the screen shot:
http://img.photobucket.com/albums/v210/nami05/infectionavast.jpg

DavidR · « **Reply #1 on:** July 03, 2011, 12:50:55 AM »

Well it isn't a false positive, it is a PUP (Potentially Unwanted Program), which you elected to scan for. Its purpose is to KillIt (file process, etc.) as the name implies and avast can't determine intent or if it is unwanted or not, hence the alert since you asked to check for PUPs.

In that location, part of the HP recovery function and in that location, it isn't unwanted, but there by design.

I have no idea what your D:\ drive is and what is the purpose of the Preload folder ?

I don't know what base_10.inp (if that is an i not an l), can't tell in the image. However, a google search for base_10.inp seems to indicate it too may be related to HP and the recovery partition, http://www.google.com/search?q=base_10.inp.

####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

cheater87 · « **Reply #2 on:** July 03, 2011, 12:58:20 AM »

Quote from: DavidR on July 03, 2011, 12:50:55 AM

Well it isn't a false positive, it is a PUP (Potentially Unwanted Program), which you elected to scan for. Its purpose is to KillIt (file process, etc.) as the name implies and avast can't determine intent or if it is unwanted or not, hence the alert since you asked to check for PUPs.

In that location, part of the HP recovery function and in that location, it isn't unwanted, but there by design.

I have no idea what your D:\ drive is and what is the purpose of the Preload folder ?

I don't know what base_10.inp (if that is an i not an l), can't tell in the image. However, a google search for base_10.inp seems to indicate it too may be related to HP and the recovery partition, http://www.google.com/search?q=base_10.inp.

####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

How do I exactly use virus total and how can I put in that detected file in there? I'm new to this.

DavidR · « **Reply #3 on:** July 03, 2011, 01:30:04 AM »

Follow the instructions in the post, first by creating the temporary folder, excluding it as I said and export the file from the chest.

To open the chest - AvastUI, Maintenance, Virus Chest, once open right click on the file and select Export, use the navigation window to select the c:\suspect folder you created and excluded.

To upload the file start by clicking on the Bold Blue text that is a link to VT, click on the Browse button, use the navigation window to select the file in the c:\suspect folder and upload it.

com155 · « **Reply #4 on:** July 03, 2011, 06:05:46 AM »

i suggest u keep the file in the chest since it may make macious activity if allowed to be in open enviroment if u think its a fp send the file to avast!virus lab by going to virus chest right click on the file and select thew option of send to virus lab.they will ask u to fill in some details of the file and then it will be submited it on next automatic update.

DavidR · « **Reply #5 on:** July 03, 2011, 02:24:09 PM »

Sorry but that is rubbish.

The whole point of extracting it to a temporary location and not restoring it to the original location; the file isn't active and there is no associated registry entry for that temp location which could run it from that location.

If you confirm that it is an FP using VT then you have supporting evidence for when it is submitted as a false positive and you don't swamp the virus labs with detections which you don't know they are FPs or not.

cheater87 · « **Reply #6 on:** July 04, 2011, 11:39:51 PM »

How can I make a folder or file to cause an FP in Avast to practice with submitting?

Pondus · « **Reply #7 on:** July 04, 2011, 11:47:08 PM »

Quote from: cheater87 on July 04, 2011, 11:39:51 PM

How can I make a folder or file to cause an FP in Avast to practice with submitting?

already posted in DavidR first reply

Quote

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

Author Topic: Avast Found An Infection Please Help (Read 3352 times)

cheater87

Avast Found An Infection Please Help

DavidR

Re: Avast Found An Infection Please Help

cheater87

Re: Avast Found An Infection Please Help

DavidR

Re: Avast Found An Infection Please Help

com155

Re: Avast Found An Infection Please Help

DavidR

Re: Avast Found An Infection Please Help

cheater87

Re: Avast Found An Infection Please Help

Pondus

Re: Avast Found An Infection Please Help