« previous next »
Pages: [1]   Go Down

Author Topic: Marking File Safe  (Read 3215 times)

0 Members and 1 Guest are viewing this topic.

Gadrin

  • Guest
Marking File Safe
« on: May 28, 2008, 08:01:51 PM »
Is it possible in the home version to mark a file as "safe" ?

My last scan picked up this:

Code: [Select]
5/28/2008 10:55:19 AM Gadrin 3420 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\x\codex\Codex Arcanum Search.exe" file. 
Which isn't a Trojan, but an EXE I wrote and compiled myself.

Cheers !


> ???
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89058
  • No support PMs thanks
Re: Marking File Safe
« Reply #1 on: May 28, 2008, 09:42:21 PM »
What did you use to write and compile ?
We seem to get a lot of this sort of stuff when using AutoIt as the script kiddies seem to use that.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

If it is indeed a false positive, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Gadrin

  • Guest
Re: Marking File Safe
« Reply #2 on: May 28, 2008, 10:18:50 PM »
I wrote it using Winbatch and their old and no longer supported HTML Dialog Extender. Which I think utilized MSIE.

However none of my newer Winbatch EXEs that automate MSIE via OLE get detected. All the large EXEs contain
DLLs that are copied to the folder if the DLL isn't found in the path. But like I said, their newer stuff doesn't
comeback as Virus/Trojan.

Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89058
  • No support PMs thanks
Re: Marking File Safe
« Reply #3 on: May 28, 2008, 11:23:08 PM »
Send it to avast for analysis as the Win32:Trojan-gen detection is done with what appears to be a generic (the -gen part) signature trying to catch multiple similar trojans with the one signature. Hopefully they can tweak it to avoid even the old version, otherwise you will have to exclude these files.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline misak

  • Avast team
  • Sr. Member
  • *
  • Posts: 234
    • Personal page (CZE)
Re: Marking File Safe
« Reply #4 on: May 29, 2008, 11:50:23 AM »
It's false positive alert and will be fixed in next VPS update 080530-0
Logged
Pages: [1]   Go Up
« previous next »