False positive Slime? Favorite program disabled

[pramshaw]

I have been running (under Windows XP) both Avast Free and Family Tree Legends ("FTL," one of the programs I use the most) for many months on my PC with no trouble. Suddenly several days ago Avast said it found the Win32:Slime trojan in FTL's main program file, FTL.exe.

I believe this is a false positive for the following reasons:

a) TrojanHunter sees no problem in the file.

b) I reinstalled the program by downloading it from the program's website, and Avast still said it had the Slime.

c) FTL.exe includes an applet that monitors the FTL website to look for and install program upgrades. It could be that Avast is mistaking that applet for the Slime virus, b/c that's the kind of thing the Slime virus does: downloading and running .exe files from the web.

d) I looked at Norton's description of Slime, and Norton says Slime installs a new value for HKEY_CLASSES_ROOT\exefile\shell\open\command. I ran RegEdit, and I have the proper value for that key, not the one Slime installs.

Avast's recommended action on finding Slime in FTL.exe was "remove to chest." When I chose that option, Avast removed FTL.exe from the FTL folder, and I of course could not run the program. I reinstalled FTL.exe (from the web), and Avast still "found" Slime there, and this time I chose "no action," but I still couldn't run FTL.

So I uninstalled Avast and then reinstalled FTL.exe from the web, but when I try to open FTL.exe, I see the FTL logo, but no program window opens.

How can I fix or undo whatever Avast did so I can run my favorite program?

Thanks much for any assistance!

[DavidR]

A search of these forums for 'slime or ftl.exe' will no doubt return many hits as this topic has been previously discussed recently.

See this thread and if need be add you comment there or follow the thread http://forum.avast.com/index.php?topic=19293.0

For the future there is another way of checking.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

[pramshaw]

With assistance from this forum and FTL's forum, I have solved my problem, and I have FTL up and running again. (It turns out you need to do more than simply "uninstall" FTL before you can reinstall it.)

However, I was only able to reinstall FTL by uninstalling Avast! Home. One of my correspondents said he was able to run FTL and Avast! together by adding FTL.exe to the exclusions in Avast!, but that did not work for me.

I urge the people at Avast! to work with the people at www.familytreelegends.com to fix Avast! so it can co-exist with the FTL program.

Thanks much!

[CharleyO]

***

Welcome to the forums, pramshaw!   

You might want to try a re-installing Avast again since you have now also re-installed FTL. Sometimes, this will work. Also, you can try a repair of the avast installation should problems arise. You must be on-line for this to work ......

Start > Settings > Control Panel > Add/Remove Programs > select Avast > select Change/Remove > scroll down & select Repair > click OK and follow directions. Restart your computer after doing this.

Please come back often, learn more, and maybe help others.   


***

[DavidR]

However, I was only able to reinstall FTL by uninstalling Avast! Home. One of my correspondents said he was able to run FTL and Avast! together by adding FTL.exe to the exclusions in Avast!, but that did not work for me.

I urge the people at Avast! to work with the people at www.familytreelegends.com to fix Avast! so it can co-exist with the FTL program.

They have probably not just added it to the Exclusions but also to the Standard Shield, Customize, Advanced, Add, as well. this stops the resident scanner scanning it. The Program Settings, Exclusions is for the on-demand scans.

By sending a copy of the flp.exe (as I mentioned in the link I gave, the more who report/send it the quicker it is likely to be resolved) which is being detected will help avast correct the detection.