Possible False Positive for shortcut to SAS forum (edited)

[catinahat]

Hi. Avast! has just done a scheduled full scan and found a threat for a shorcut in my Favorites folder. Here is a screen dump of the log:

http://i407.photobucket.com/albums/pp157/scratchpics/avastdetection_zps72842e72.jpg

The URL for this site in my favourites is http://forums.superantispyware.com/ and I have checked this website on urlvoid.com and it was 100% clean.

I also uploaded the actual file to be scanned: Virustotal reports 100% clean: https://www.virustotal.com/file/fefd283e2eb2c585775140540998196d2674620cab4e92d6ac0a59222ee02977/analysis/1351928567/

Jottis reports a detection on avast! and Gdata but nothing else: http://virusscan.jotti.org/en-gb/scanresult/9903accaf8e6fdf68d2349b26078b5e8e932b4cd

I have moved it to the virus chest as suggested, but I have not scheduled a boot scan. I'm wondering if this could be a FP? I haven't altered anything in my favorites or visited SAS in months, and this is the 1st time avast! has detected this file as malicious. MBAM & HitmanPro scans clear.

(Apologies for the edits)

[crofty59]

HI

I am also getting the same warning on both of computers here.

On first computer got it from doing a scan, sent to chest.

On 2nd computer if i click to go to sas forum Network-shields blocks it.

There is a discussion here about it
http://forum.avast.com/index.php?topic=108464.0
Cheers

[mchain]

hi catinahat and crofty59,

If a file is placed in the virus chest, there is the option of right-clicking the offending file and sending it out as a false-positive to Avast!  A lnk.file is such a file. 

To better understand what is involved, see:  https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=777&nav=0,61  Best course of action is to do the above, and wait to see if the fp clears on the next vps update or two. 

It is the SUPERAntispyware forums that is affected, tho.  It is likely that the other websites SUPERAntispyware shares the IP address with are the cause of the alert.

See:  http://urlquery.net/report.php?id=82630

Sourceforge.net is noted, as well as grouphelp.customerhelp.com as having IDS intrusions detected.  It is the IP that is being blocked here, so Avast! is possibly protecting you from collateral damage when you attempt to visit

[crofty59]

Thanks mchain

I have checked out your links, found them very informative.

Will wait a few days to see what happens.

cheers

[ky331]

While there's no new AVAST database --- it's still at 121104-0,  which blocked the SAS forum when I tested it this morning ---
I'm showing that I received a streaming update at 2:17 PM (USA - Eastern Standard Time)... and now, I CAN access the SAS forums.

But in an ironic twist, Webroot SecureAnywhere is now blocking the SAS forum:   http://www.wilderssecurity.com/showthread.php?t=335315