Author Topic: Avast fake alarms, is killing me :((

Sunny1234

  • Guest
Avast fake alarms, is killing me :((
« on: August 25, 2008, 11:19:54 PM »
I have Avast 4.8 Home Edition. I use a software called Bandwidth Controller Enterprise to take care of my internet speeds. I have been using this software for 1 1/2 years without any problem until today, when avast is detecting this as a trojan. This program is truly legit and working fine. I tried to restore to an earlier date, thinking that the file might have got infected, but still the same problem. So I'm stuck now, and I have to keep my avast off to make the controller work.


 
8/25/2008 10:47:42 AM   SYSTEM   376   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file. 
8/25/2008 10:47:17 AM   SYSTEM   376   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file. 


Virus Database Version - 080825-0

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89034
  • No support PMs thanks
Re: Avast fake alarms, is killing me :((
« Reply #1 on: August 25, 2008, 11:22:43 PM »
avast doesn't do fake alarms; what you are experiencing in your case is a possible false positive detection, which needs to be confirmed one way or another. You also don't mention the malware name given to the detection?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*. That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast fake alarms, is killing me :((
« Reply #2 on: August 25, 2008, 11:23:36 PM »
Oops, David posted before...
The best things in life are free.

PotatoMan

  • Guest
Re: Avast fake alarms, is killing me :((
« Reply #3 on: August 26, 2008, 12:04:14 AM »
As DavidR said before, this is most likely a false positive. Put the said file in a password-protected zip and send it to virus@avast.com with the subject "false positive", and put the password in the email.

Sunny1234

  • Guest
Re: Avast fake alarms, is killing me :((
« Reply #4 on: August 26, 2008, 02:27:41 AM »
Here's the report

http://www.virustotal.com/analisis/08cce412cfc56cfad9455f8567c9a16b

That's a very popular program and I have been using it for a long time. So I find it strange why it's been detected as a virus.

Is there any setting in avast so that I can add that file as safe and tell avast not to interfere? Even if it's a virus I can live with it!
« Last Edit: August 26, 2008, 02:34:08 AM by Sunny1234 »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89034
  • No support PMs thanks
Re: Avast fake alarms, is killing me :((
« Reply #5 on: August 26, 2008, 03:07:16 PM »
Read the information in the link I gave to a) report it and b) how to exclude.

Whilst there are a number of hits on the VT results, many are heuristic which are prone to false detection. You also didn't answer the question about what malware name avast gave it, this helps us to help you.

So the sample needs sending to avast for further analysis.

Sunny1234

  • Guest
Re: Avast fake alarms, is killing me :((
« Reply #6 on: August 26, 2008, 04:41:06 PM »
Hi David,

I've added the path c:\program files\bandwidth controller enterprise\* to not be scanned and it worked. I had given information about the virus, maybe you missed it; anyway, here it is again:

Quote
8/25/2008 10:47:42 AM   SYSTEM   376   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file. 
8/25/2008 10:47:17 AM   SYSTEM   376   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.

And also I have emailed the file to avast.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89034
  • No support PMs thanks
Re: Avast fake alarms, is killing me :((
« Reply #7 on: August 26, 2008, 06:20:27 PM »
Personally I would be more specific with the exclusion as it leaves a hole in your security by not excluding only the specific file.

Yes, I did miss the info. The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So that, added to most of the other detections being heuristic, means it is important to send the sample to avast for analysis. I would say it is most likely that the VPS signatures will be corrected (usually quickly when an FP is identified). Periodically scan the sample in the chest, and when it is no longer detected, remove the exclusions.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast fake alarms, is killing me :((
« Reply #8 on: August 26, 2008, 10:38:02 PM »
c:\program files\bandwidth controller enterprise\*
C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe
They're not the same... Enterprise1...

Sunny1234

  • Guest
Re: Avast fake alarms, is killing me :((
« Reply #9 on: August 27, 2008, 04:35:21 PM »
Yup, but I have given the correct one (with 1) in avast options, thanks for pointing that out though... bull's eye!

Does Avast reply to your email when you send files to them? I am very curious to know their findings, for obvious reasons: if it's a fake alarm, and even if it's not, then given that I've been using this software for many months, why didn't avast pick it up earlier?
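
The exclusion discussion in the replies above (how narrowly to scope the exclusion, and the Enterprise versus Enterprise1 path mismatch) can be checked mechanically. This is an added example, not code from the thread or from avast; the function names are hypothetical, and it assumes exclusion entries match case-insensitively with `*` as a wildcard.

```python
import re
from fnmatch import fnmatchcase

# Log line copied from the thread (avast 4.8 log format).
LOG_LINE = (r'8/25/2008 10:47:42 AM   SYSTEM   376   Sign of "Win32:Trojan-gen {Other}" '
            r'has been found in "C:\Program Files\Bandwidth Controller Enterprise1'
            r'\Bandwidth Controller.exe" file.')

DETECTION = re.compile(
    r'Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file')

def parse_detection(line):
    """Return (signature name, file path) from a log line, or None."""
    m = DETECTION.search(line)
    return (m.group("name"), m.group("path")) if m else None

def is_generic(name):
    """True for generic signatures: '-gen' suffix, ignoring a trailing '{...}' tag."""
    return re.sub(r"\s*\{[^}]*\}$", "", name).lower().endswith("-gen")

def check_exclusion(pattern, path):
    """Classify one exclusion entry against the detected path.

    Assumption: entries match case-insensitively and '*' matches any run of
    characters; the scanner's real matching rules may differ.
    """
    if not fnmatchcase(path.lower(), pattern.lower()):
        return "no match"   # exclusion does not cover the file (typo, wrong folder)
    # A wildcard entry also exempts every other file it matches from scanning.
    return "broad" if "*" in pattern or "?" in pattern else "exact"

def audit(exclusions, line=LOG_LINE):
    """Parse the detection and classify every exclusion entry against it."""
    name, path = parse_detection(line)
    return {"signature": name, "generic": is_generic(name), "path": path,
            "results": {p: check_exclusion(p, path) for p in exclusions}}

if __name__ == "__main__":
    report = audit([
        r"c:\program files\bandwidth controller enterprise\*",    # as typed in the thread
        r"c:\program files\bandwidth controller enterprise1\*",   # folder-wide
        r"C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe",
    ])
    print(report["signature"], "generic:", report["generic"])
    for pattern, verdict in report["results"].items():
        print(f"{verdict:9} {pattern}")
```
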

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89034
  • No support PMs thanks
Re: Avast fake alarms, is killing me :((
« Reply #10 on: August 27, 2008, 05:39:02 PM »
They don't normally contact you unless they need more information (it isn't a fake alarm, a term used for malicious software alerts). Periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location.

When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast fake alarms, is killing me :((
« Reply #11 on: August 27, 2008, 09:15:55 PM »
David was faster and answered your question ;)