Author Topic: Possible False Positive for shortcut to SAS forum (edited)  (Read 2838 times)


Offline catinahat

  • Jr. Member
  • **
  • Posts: 53
Possible False Positive for shortcut to SAS forum (edited)
« on: November 03, 2012, 08:17:42 AM »
Hi. Avast! has just done a scheduled full scan and found a threat for a shortcut in my Favorites folder. Here is a screen dump of the log:

http://i407.photobucket.com/albums/pp157/scratchpics/avastdetection_zps72842e72.jpg

The URL for this site in my favourites is http://forums.superantispyware.com/ and I have checked this website on urlvoid.com and it was 100% clean.

I also uploaded the actual file to be scanned: Virustotal reports 100% clean: https://www.virustotal.com/file/fefd283e2eb2c585775140540998196d2674620cab4e92d6ac0a59222ee02977/analysis/1351928567/

Jotti's reports a detection on avast! and Gdata but nothing else: http://virusscan.jotti.org/en-gb/scanresult/9903accaf8e6fdf68d2349b26078b5e8e932b4cd

I have moved it to the virus chest as suggested, but I have not scheduled a boot scan. I'm wondering if this could be a FP? I haven't altered anything in my favorites or visited SAS in months, and this is the 1st time avast! has detected this file as malicious. MBAM & HitmanPro scans clear.

(Apologies for the edits)
« Last Edit: November 03, 2012, 09:15:11 AM by catinahat »

crofty59

  • Guest
Re: Possible False Positive for shortcut to SAS forum (edited)
« Reply #1 on: November 03, 2012, 10:32:42 AM »
Hi

I am also getting the same warning on both of the computers here.

On first computer got it from doing a scan, sent to chest.

On 2nd computer, if I click to go to the SAS forum, Network-shields blocks it.

There is a discussion here about it
http://forum.avast.com/index.php?topic=108464.0
Cheers
« Last Edit: November 03, 2012, 10:41:10 AM by crofty59 »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5425
  • Spartan Warrior
Re: Possible False Positive for shortcut to SAS forum (edited)
« Reply #2 on: November 03, 2012, 11:00:27 AM »
hi catinahat and crofty59,

If a file is placed in the virus chest, there is the option of right-clicking the offending file and sending it out as a false-positive to Avast! A .lnk file is such a file.

To better understand what is involved, see: https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=777&nav=0,61 Best course of action is to do the above, and wait to see if the fp clears on the next vps update or two.

It is the SUPERAntispyware forums that is affected, tho.  It is likely that the other websites SUPERAntispyware shares the IP address with are the cause of the alert.

See:  http://urlquery.net/report.php?id=82630

Sourceforge.net is noted, as well as grouphelp.customerhelp.com as having IDS intrusions detected.  It is the IP that is being blocked here, so Avast! is possibly protecting you from collateral damage when you attempt to visit
« Last Edit: November 03, 2012, 11:08:23 AM by mchain »
Windows 10 Home 64-bit 21H2 Avast Premier Security version 22.7.6025 (build 22.7.7403.738) UI version 1.0.720.

crofty59

  • Guest
Re: Possible False Positive for shortcut to SAS forum (edited)
« Reply #3 on: November 03, 2012, 11:15:01 AM »
Thanks mchain

I have checked out your links, found them very informative.

Will wait a few days to see what happens.

cheers

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Possible False Positive for shortcut to SAS forum (edited)
« Reply #4 on: November 04, 2012, 08:40:58 PM »
While there's no new AVAST database --- it's still at 121104-0,  which blocked the SAS forum when I tested it this morning ---
I'm showing that I received a streaming update at 2:17 PM (USA - Eastern Standard Time)... and now, I CAN access the SAS forums.

But in an ironic twist, Webroot SecureAnywhere is now blocking the SAS forum:   http://www.wilderssecurity.com/showthread.php?t=335315
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]