Author Topic: Win32:Ircbot-CDR [Trj] | False Positive?  (Read 5133 times)

crying-eagle

  • Guest
Win32:Ircbot-CDR [Trj] | False Positive?
« on: August 12, 2007, 01:10:25 PM »
Hello Community.
First of all: I'm sorry, but my English is not very good. I hope you can understand me...

My notebook has Avast Home installed. I did the last update today at 12 h... OS is Windows XP Home SP2, all updates...
A complete scan with Avast found a Win32:Ircbot-CDR [Trj] in the folder C:\Programme\E-Plus\E-Plus Online Connect\bin\loader.dll

I scanned this file with VirusTotal.com and no other program found anything... I think this is a FALSE POSITIVE

Quote
Antivirus     Version     letzte aktualisierung     Ergebnis
AhnLab-V3   2007.8.9.2   2007.08.10   -
AntiVir   7.4.0.60   2007.08.10   -
Authentium   4.93.8   2007.08.11   -
Avast   4.7.1029.0   2007.08.11   Win32:Ircbot-CDR
AVG   7.5.0.476   2007.08.11   -
BitDefender   7.2   2007.08.12   -
CAT-QuickHeal   9.00   2007.08.11   -
ClamAV   0.91   2007.08.12   -
DrWeb   4.33   2007.08.11   -
eSafe   7.0.15.0   2007.08.10   -
eTrust-Vet   31.1.5050   2007.08.11   -
Ewido   4.0   2007.08.12   -
FileAdvisor   1   2007.08.12   -
Fortinet   2.91.0.0   2007.08.12   -
F-Prot   4.3.2.48   2007.08.10   -
F-Secure   6.70.13030.0   2007.08.11   -
Ikarus   T3.1.1.12   2007.08.12   -
Kaspersky   4.0.2.24   2007.08.12   -
McAfee   5095   2007.08.10   -
Microsoft   1.2704   2007.08.12   -
NOD32v2   2452   2007.08.12   -
Norman   5.80.02   2007.08.10   -
Panda   9.0.0.4   2007.08.11   -
Prevx1   V2   2007.08.12   -
Rising   19.35.62.00   2007.08.12   -
Sophos   4.19.0   2007.08.01   -
Sunbelt   2.2.907.0   2007.08.11   -
Symantec   10   2007.08.12   -
TheHacker   6.1.7.167   2007.08.12   -
VBA32   3.12.2.2   2007.08.11   -
VirusBuster   4.3.26:9   2007.08.11   -
Webwasher-Gateway   6.0.1   2007.08.12   -
weitere Informationen
File size: 196608 bytes
MD5: 653a839a84a463464940c83c318c2a11
SHA1: aa4d4ac53744367852f3e27eaca92ddf4d91b56c

Can I send this file to Avast? I have no Link and no eMail from Avast....

Hope, somebody can help me....

Thank you.... and greets crying-eagle

chrispy

  • Guest
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #1 on: August 12, 2007, 01:45:30 PM »
I've got the same problem. It's preventing me from using my Vodafone Mobile Connect account.

Vodafone say they've had several reports from customers on this.

I agree it must be a "false positive". Even if I re-install my software from the original manufacturer's CD the files loader.dll and NWV620.dll are blocked, yet I've been using this software, with these files, for months.

I've sent an e-mail to Avast support, but haven't had any response yet. I hope they hurry up! I'm stuck using a slow dial-up modem instead of my fast mobile connection (which means that most of the time I can't connect)!

crying-eagle

  • Guest
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #2 on: August 12, 2007, 02:17:09 PM »
Quote
I hope they hurry up! I'm stuck using a slow dial-up modem instead of my fast mobile connection (which means that most of the time I can't connect)!

You can go to the Avast icon in the system tray, right mouse button and Options (Programm Einstellungen - in German).
There you can set an exclusion for the files you need for the connection... After this, Avast doesn't scan the files in the exclusion list...

Greets

Lisandro

  • Avast team
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #3 on: August 12, 2007, 03:06:43 PM »
Quote
Can I send this file to Avast? I have no Link and no eMail from Avast....
Please send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

crying-eagle

  • Guest
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #4 on: August 12, 2007, 03:23:39 PM »
Quote
Please send it in a password protected zip to virus@avast.com
Thank you.

The file is already set on the exclusion list.

Nice sunday... Greets

Lisandro

  • Avast team
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #5 on: August 12, 2007, 03:35:36 PM »
You're welcome.
Thanks for helping to improve avast detection.
Feel free to come back any time you need help or just to share experiences.

RejZoR

Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #6 on: August 12, 2007, 03:43:38 PM »
It's funny that company gets several reports yet they don't contact the vendor of antivirus software. Very bad that users have to do their job...

Reiner

  • Guest
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #7 on: August 13, 2007, 04:42:25 PM »
ACK,

same problem with my installation. No virus until I updated Avast during the weekend.

Regards

Reiner

crying-eagle

  • Guest
Re: Win32:Ircbot-CDR [Trj] | False Positive?
« Reply #8 on: August 13, 2007, 06:38:08 PM »
The file was tested by Avast and I got an answer today... :)

Quote
Hello,

This false positive has been corrected, please update your VPS database.
Thank you.

Best Regards
Jirka Sejtko

Greets