Author Topic: False positive - how can I get LameXP back from the chest?  (Read 2372 times)


QuHno

  • Guest
False positive - how can I get LameXP back from the chest?
« on: November 16, 2013, 09:32:32 PM »
I hadn't started LameXP since the update to Avast 214.9.0.2008, but when I did so now, Avast blocked the program and put it into the chest.
The program was downloaded from SourceForge; the version is identical to the version from computerbild.de or heise.de or chip.de - those sites all check the versions with other AVs too and it is guaranteed free of anything malicious. Avast complains because it is packed with UPX.

I tried to download the program from the above-mentioned sources again, but AVAST did not even let me download and install the latest official version.

How can I get the old and previously working version back from the chest?

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: False positive - how can I get LameXP back from the chest?
« Reply #1 on: November 16, 2013, 09:34:54 PM »
Open the interface and go to scan on the left and then to virus chest at the bottom.

Right click on the file and choose send to virus lab, choose suspected false positive there and fill the form.

Then right click on the file and click restore and add to exclusions. ;)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: False positive - how can I get LameXP back from the chest?
« Reply #2 on: November 16, 2013, 09:37:37 PM »
Quote
How can I get the old and previously working version back from the chest?
avast! 2014: Using the Virus Chest  http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle


QuHno

  • Guest
Re: False positive - how can I get LameXP back from the chest?
« Reply #3 on: November 16, 2013, 09:55:48 PM »
Sent, excluded and restored the file. Thank you for the heads-up and I am sorry that I didn't find the part in the help all by myself earlier :-[

I did not start it before checking it at virustotal - better safe than sorry - and the result is here:
https://www.virustotal.com/de/file/38f711dea493f5a1f45c2a4d3c4c31c988203835eeec3d4f9d004a6d3050faf0/analysis/
Clean.

I still wonder why Avast behaves like this despite the program being the same ...

The second problem:
How can I download the new version of LameXP?
All the sites mentioned in my previous post use a CDN, so I can't whitelist the download URL because I never know what the real URL is.

edit:
Works now, the downloaded file is recognized as clean by the heuristics too. I still wonder why the false alerts seem to happen preferably with files that are packed with runtime packers like UPX ... (yes, I know that malware authors use that too, but they use other self-extracting routines or other runtime packers too)
« Last Edit: November 19, 2013, 07:33:53 AM by QuHno »