Author Topic: yet another false positive  (Read 5463 times)

0 Members and 1 Guest are viewing this topic.

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
yet another false positive
« on: April 25, 2007, 02:00:18 AM »
Hi,
 I have a script for mIRC that is called multiscript, it is throwing A LOT of false positives, especially in a dll called msn.dll, I know for a fact that this file is not infected, as I have created this file myself. Is there any way to make avast! skip this file when its doing its scans?

Thanks,
speeddemon8803

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: yet another false positive
« Reply #1 on: April 25, 2007, 02:47:26 AM »
Is there any way to make avast! skip this file when its doing its scans?
You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84910
  • No support PMs thanks
Re: yet another false positive
« Reply #2 on: April 25, 2007, 03:05:25 AM »
I have a script for mIRC that is called multiscript, it is throwing A LOT of false positives, especially in a dll called msn.dll, I know for a fact that this file is not infected, as I have created this file myself. Is there any way to make avast! skip this file when its doing its scans?

Besides what Tech has said you should submit this to avast for analysis.

If you are (not) getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

What is the malware name associated with the detection/s ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #3 on: April 25, 2007, 05:22:48 AM »
I dont "think" its a false positive..im absolutely 100% sure it is a false positive as I have stated, I created this file myself, no other anti-virus has detected this thing as a virus, and avast for some reason does. Win32:Trojan-gen. {Other} is the name it gave...i scanned it with an online scanner that uses avast and other engines..and it comes up with motherboardmonitor...and i know for a fact that isnt malware...its diagnostic tools!

avast version:4.7.986
virus database:000735-2

Also known as the very latest virus database update and the very latest program update :)

avast isnt the only one to cry about it..but...its still in fact a false positive because of the fact its intention is not to harm..just to gather information. Avast probably sees it going into ram and searching..and screams at me. I'm not really worried about it, I just would like this DLL file to be removed from avast's vdb as being malware is all.
« Last Edit: April 25, 2007, 05:46:32 AM by speeddemon8803 »

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #4 on: April 25, 2007, 05:27:09 AM »
This is getting me sad now...avast doesnt like my program dll files :(. I would never intentionally make something flag in my avast unless it was the eicar test file.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84910
  • No support PMs thanks
Re: yet another false positive
« Reply #5 on: April 25, 2007, 02:34:57 PM »
I dont "think" its a false positive..im absolutely 100% sure it is a false positive as I have stated, I created this file myself, no other anti-virus has detected this thing as a virus, and avast for some reason does. Win32:Trojan-gen. {Other} is the name it gave...i scanned it with an online scanner that uses avast and other engines..and it comes up with motherboardmonitor...and i know for a fact that isnt malware...its diagnostic tools!

avast version:4.7.986
virus database:000735-2

Also known as the very latest virus database update and the very latest program update :)

avast isnt the only one to cry about it..but...its still in fact a false positive because of the fact its intention is not to harm..just to gather information. Avast probably sees it going into ram and searching..and screams at me. I'm not really worried about it, I just would like this DLL file to be removed from avast's vdb as being malware is all.

I'm sure you don't make files that will intentionally trigger virus alerts, that is why I suggested confirmation, posting the results here gives that confirmation. The same problem has happened with Tech for another scripting tool auto-it (I believe) that somehow in the compiling of the file it creates something that is though incorrectly or otherwise to be infected.

The only way to resolve an FP is by, confirmation and submission as I outlined above, in the submission you can refer to this topic which shows the confirmation (if results of VT or Jotti are posted).
« Last Edit: April 25, 2007, 02:38:19 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re: yet another false positive
« Reply #6 on: April 25, 2007, 02:40:30 PM »
speeddemon8803, did you send the files to virus@avast.com, as suggested?

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #7 on: April 26, 2007, 05:37:50 AM »
igor...why would I send it to them? its not a virus...that send it to them so they can analyze it and take it out of the vdb?

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #8 on: April 26, 2007, 05:48:31 AM »
even if i wanted to send this..its bigger than the 1024 KB limit..bleh this is going to take forever to get resolved.

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #9 on: April 26, 2007, 05:50:12 AM »
nevermind..i was trying through the program itself..brb going to e-mail like you suggested..boy im slow today forgive me!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84910
  • No support PMs thanks
Re: yet another false positive
« Reply #10 on: April 26, 2007, 02:38:54 PM »
igor...why would I send it to them? its not a virus...that send it to them so they can analyze it and take it out of the vdb?

When sent for analysis, if it is Marked as a False Positive as I mentioned, it will be investigated as such and the VPS updated as required.

even if i wanted to send this..its bigger than the 1024 KB limit..bleh this is going to take forever to get resolved.

You can increase the limit of the 'Maximum size of file to send.' Open the program Settings, Chest and increase the size to allow the file to be sent.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #11 on: April 26, 2007, 07:09:32 PM »
heh, thanks! Sorry for being so fussy!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84910
  • No support PMs thanks
Re: yet another false positive
« Reply #12 on: April 26, 2007, 07:50:27 PM »
Your welcome.
Nothing wrong with being fussy ;D and inquiring mind is a very useful tool.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #13 on: April 27, 2007, 12:58:18 AM »
and now..we wait...boy oh boy! :P

Offline speeddemon8803

  • Newbie
  • *
  • Posts: 12
Re: yet another false positive
« Reply #14 on: May 01, 2007, 05:16:25 AM »
exactly whats supposed to happen now? Ive heard nothing from them since I asked them to take the file off...absolutely nothing..