Author Topic: re: tclsh84.exe and Win32:Agent-HFI  (Read 2581 times)

0 Members and 1 Guest are viewing this topic.

jimbhome

  • Guest
re: tclsh84.exe and Win32:Agent-HFI
« on: June 29, 2007, 06:49:14 AM »
While installing Yagarto arm tools Avast advised the tcl shell tclsh84.exe was infected with Win32:Agent-HFI.
I installed it anyway and let Avast scan on the following power up.
It again reported tclsh84.exe infected and I moved it to the chest.
It also reported A0039635.exe in System Volume Information restore point was infected.
Are they really infected or is Avast confused?

Thanks for your help.

Jim Brooks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: re: tclsh84.exe and Win32:Agent-HFI
« Reply #1 on: June 29, 2007, 02:29:51 PM »
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
VirusTotal and Jotti both have file size limits 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be carefull, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
The best things in life are free.