Author Topic: DBPoweramp (guessing it's false positive)  (Read 5418 times)

0 Members and 1 Guest are viewing this topic.

neutro511

  • Guest
DBPoweramp (guessing it's false positive)
« on: March 16, 2006, 11:02:40 PM »
Can someone confirm?  Avast tells me this contains a virus.  Go to http://www.download.com/dBpowerAmp-Music-Converter/3000-2140-10042534.html

try to download.

neutro511

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #1 on: March 16, 2006, 11:23:06 PM »
http://www.dbpoweramp.com/codec-central-mp4.htm

Ran a full scan on the PC it also thinks the first codec on the page above contains the same virus. 

Win32:Kelvir-W [Wrm]

VPS Version:  0611-1, 03/16/2006

garyb

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #2 on: March 16, 2006, 11:24:42 PM »
I think it's a false positive too.

I've just spent a while trying to get the two "viruses" out of my virus chest so I can send them to Alwil for analysis.
"SpoonUninstall" in the system32 folder, and a  codec elsewhere, both show win32:Kelvir-w worms, but Jotti shows both of them to be clean (even their Avast scanner showed it clean!!)
I've used dBpowerAmp for ages and never had any problems with it until today when I scanned my system.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: DBPoweramp (guessing it's false positive)
« Reply #3 on: March 17, 2006, 12:11:37 AM »
You don't have to get the two viruses out of the chest, you can send then to avast from the chest, right click on the suspect file and select 'Email to Alwil Software' ensure that you allow the default method of sending as MAPI.

In the subject add Possible False positive or in the 'Enter additional info to be sent along with the file:' include a brief description of the problem, a link to this thread would also be helpful.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

neutro511

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #4 on: March 17, 2006, 12:21:27 AM »
That feature isn't so hot for those of us using Web based email  :'(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: DBPoweramp (guessing it's false positive)
« Reply #5 on: March 17, 2006, 12:35:41 AM »
Then you will have to extract/copy it out of the chest (assuming you have it in the chest) to a temporary folder and zip the file and password protect it to stop email scanners on the route trying to scan it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

neutro511

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #6 on: March 17, 2006, 01:03:31 AM »
I setup gmail to work with Outlook Express.  Sent one of the files. I guess the other file was too large to send with gmail.   I could not change the subject.  I am posting this in the hopes that in the future the makers of Avast will come up with a better method of allowing users to submit this sort of info to them.

I was thinking something like this page:

http://www.avast.com/i_kat_72.php?lang=eng&lang=eng

 could be set up to allow for uploading files and include better info.  (Check here if you believe this is a false positive) etc.


garyb

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #7 on: March 17, 2006, 03:41:36 AM »
I had trouble sending the files... My first attempt was as DavidR said, to email from within the virus chest, but my ISP flagged it as follows:

Our e-mail content detector has just been triggered by a message you sent:
  To: virus@avast.com
  Subject: avast!
  Date: Thu Mar 16 13:51:20 2006

One or more of the attachments (unp232219512.tmp) are on
the list of unacceptable attachments for this site and will not have
been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: Report: Dangerous attachment according to Microsoft Q883260 (unp232219512.tmp)


--
Postmaster

Sonic Networks Inc.


Then, everything I tried to do after getting the files out of the chest failed to work.  Avast just wouldn't let me do anything with them, even if I told it to 'do nothing' when the warning scanner went off they were somehow off limits to me.

I restored, and also tried extracting - both to a floppy and to a special folder -  but couldn't get them to go into a zip file - it always failed and I ended up with zip files with nothing in them - just a 1kB empty zip.

The only way I could do it was to extract them from the chest, and then stop the standard shield (while offline, of course).  Then their icons reappeared as usual (instead of as a generic icon) and I could zip them and get them sent off in an email.

It was quite the pain. 
Anyway, it's better than not being warned if a real virus were to surface  :)

neutro511

  • Guest
Re: DBPoweramp (guessing it's false positive)
« Reply #8 on: March 17, 2006, 06:17:37 PM »
Avast updated this morning; seems to have resolved all my issues. 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: DBPoweramp (guessing it's false positive)
« Reply #9 on: March 17, 2006, 06:22:55 PM »
I had trouble sending the files... My first attempt was as DavidR said, to email from within the virus chest, but my ISP flagged it as follows:
Then, everything I tried to do after getting the files out of the chest failed to work.  Avast just wouldn't let me do anything with them, even if I told it to 'do nothing' when the warning scanner went off they were somehow off limits to me.
You've answered yourself here:

The only way I could do it was to extract them from the chest, and then stop the standard shield (while offline, of course).
If you want to extract an infected file, it's obvious that it will be warned again by the resident protection.
That's the purpose of antivirus protection: to handle these files you must deliberately and manually disable the protection.

It was quite the pain. Anyway, it's better than not being warned if a real virus were to surface  :)
::)
The best things in life are free.