Author Topic: How do I stop a false positive repeating  (Read 5302 times)

1up2down

  • Guest
How do I stop a false positive repeating
« on: July 28, 2006, 01:52:44 PM »
Hi, I've only had Avast a few weeks. Everything seemed OK, but yesterday I went to open a folder lock program and Avast warned of this virus: Win32 Trojan-gen (Other).

Doing a full computer scan, and scanning the folder lock program only, using several online scanners, only comes up with nothing found. I've tried doing these scans with system restore turned off, and after removing folder lock from the computer, always with the same results, nothing found.

After reinstalling folder lock and then trying to open the program, up pops the virus warning again. Everything on my computer works perfectly including folder lock, so I can only presume this has to be a false positive that Avast is coming up with.

Is there anyone on this forum who may know how I can stop this from repeating every time I open the folder lock program? Moving the virus to the chest as recommended makes no difference. Will appreciate any help you can offer.

Tony

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: How do I stop a false positive repeating
« Reply #1 on: July 28, 2006, 02:00:54 PM »
Search the board, please, for Exclusion lists and you'll find how ;)
There are two of them, one for on-demand and the other for on-access scanning.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: How do I stop a false positive repeating
« Reply #2 on: July 28, 2006, 02:40:55 PM »
What was the file name, and where was it found, for example (C:\windows\system32\infected-file-name.xxx)?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!)?

How have you confirmed this is a false positive ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

1up2down

  • Guest
Re: How do I stop a false positive repeating
« Reply #3 on: July 29, 2006, 12:16:45 AM »
Thanks for all your help and advice.

I cannot say I have confirmed it is a false positive. It's just that none of the online scanners could detect it, yet even after moving it to the chest, it kept coming back each time I opened my folder lock program. Anyway, I'm not sure what caused the change, but after moving it into the chest for the 13th time, it has suddenly stopped appearing.

File Name C:\WINDOWS\system32\windvNT.sys
Malware Name Win32 Trojan. (Other)
Malware Type Virus/Worm
VPS version 0630-2.26/07/2006

This changed to Win32 Trojan-gen (Other) at some point.

As I said earlier, I have only been using Avast for a few weeks and I obviously have a lot to learn about it. Still, it's nice knowing it has a great forum where I can come for advice.

Offline DavidR

Re: How do I stop a false positive repeating
« Reply #4 on: July 29, 2006, 01:15:02 AM »
If it continually comes back then I would tend to think it is a good detection and there is something restoring it. Also a google search for windvNT.sys returns no hits, which in itself is suspicious.

Have you tried the two on-line multi engine scanners in my post (re read the instruction in the previous post) ?

If you haven't already got this software, download, install, update and run it, preferably in safe mode, Ewido anti-spyware. This should hopefully find whatever is restoring it also.

Do you have a firewall (hopefully not just XP's firewall)?
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Also, whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
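A triage sketch for the situation discussed in this thread, added here as an example and not posted by any participant or provided by Avast: before excluding a re-appearing `.sys` file, record its hash, creation time and signature, and list which driver or service entry loads it. It assumes a current Windows PowerShell (the cmdlets used did not exist on the 2006-era systems in the thread); the function name `Get-SuspectFileTriage` is hypothetical and the path is the one reported above.

```powershell
# Added example: collect facts about a detected file that keeps coming back,
# so the false-positive question can be answered before an exclusion is set.
function Get-SuspectFileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "$Path is not present (in the chest or not yet re-created)."
        return
    }

    $file = Get-Item -LiteralPath $Path -Force
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $leaf = [regex]::Escape($file.Name)

    # Kernel drivers and services whose image path points at this file.
    # Driver paths are often written as \??\C:\... so match on the file name.
    $entries  = @(Get-CimInstance -ClassName Win32_SystemDriver)
    $entries += @(Get-CimInstance -ClassName Win32_Service)
    $owners   = $entries | Where-Object { $_.PathName -match $leaf }

    [pscustomobject]@{
        Path      = $file.FullName
        SHA256    = $hash.Hash               # look this up on a multi-engine scanner
        Created   = $file.CreationTime       # compare with when the program was opened
        Modified  = $file.LastWriteTime
        Signature = $sig.Status              # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
        LoadedBy  = ($owners | ForEach-Object {
                        "$($_.Name) [$($_.State), $($_.StartMode)]"
                    }) -join '; '
    }
}

# Path as reported in the thread; run from an elevated prompt.
Get-SuspectFileTriage -Path 'C:\WINDOWS\system32\windvNT.sys' | Format-List
```

A creation time that matches each launch of the program, together with a driver entry that belongs to that program, points to the program dropping its own driver; an unsigned file with no registered owner and no vendor match deserves the closer look suggested in Reply #4.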