Author Topic: Win32:Gamona  (Read 8172 times)

Nell

  • Guest
Win32:Gamona
« on: October 30, 2008, 12:20:52 AM »
I did an Avast scan and it found...  Win32:Gamona.   I'm certain this is a false positive as I've used the affected utility for years.  I re-installed it by first scanning it with Spybot, Malwarebytes and Super antispyware with negative results.

I can't use it because Avast pops up every time. Help please. The utility is Title Bar Clock.  How can I tell Avast to ignore it?

Nell

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: Win32:Gamona
« Reply #1 on: October 30, 2008, 12:23:48 AM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nell

  • Guest
Re: Win32:Gamona
« Reply #2 on: October 30, 2008, 01:10:15 AM »
I give up.  Either I'll do without the 'Title Bar Clock' utility by un-installing it again or try another AV.

I'm absolutely certain that it's a false positive.  I'm not a newbie at malware and I've had the utility for at least 4 years.  It's in F:\All Programs\Title Bar Clock\tbc.exe.  ( I have two partitions)

Before I re-installed it the Win32 Gamora [trj] was in C:\Program Files\Title Bar Clock....etc. and C:\System Volume Information\Restore... I deleted it via file manager.

I tried creating C:\Suspect folder and copied it to that location with no luck.

I know how to zip a file but not how to password protect it.

In several years I've never had a virus or serious malware.

thanks for your help
Nell

Offline DavidR

Re: Win32:Gamona
« Reply #3 on: October 30, 2008, 02:13:13 AM »
Why give up? It isn't much hassle. You didn't say why it didn't work when you tried to copy the file to the suspect folder; I suspect you mean avast alerted.

1. Did you first create the exclusion C:\Suspect\* in the standard shield ?
2. Did you pause the standard shield whilst trying to copy the file ?

I can't say how to password protect your zip as I don't know what you are using, but 7zip is probably the easiest one I have seen for adding a password to a 7z file.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Edit: where did you download this from ?
I just downloaded it from Softpedia http://www.softpedia.com/progDownload/TitleBarClock-Download-16492.html, version 1.4 and I didn't get an alert on download.

Edit 2: The alert happens on installation on the file you mentioned, but it didn't happen when I extracted the installation file and scanned that.
« Last Edit: October 30, 2008, 02:23:45 AM by DavidR »

Offline DavidR

Re: Win32:Gamona
« Reply #4 on: October 30, 2008, 02:33:24 AM »
Update:

I have uploaded the file to virustotal and although 6/36 detect something, most are generic/heuristic, which are more prone to false positives. GData uses avast as one of its two scanners, so that effectively means 5/35 detections, but I feel there is a strong possibility that this is a false positive.

See the virus total results http://www.virustotal.com/analisis/c4f3d7bccf39ee96004b5948fe9492a4.

That is me for the night, a little after 1:30 a.m. here.
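The counting argument in the post above (6/36 raw, 5/35 once GData's avast-based result is discounted, with most remaining hits generic or heuristic), as an added Python example that is not part of the original thread. Engine names other than Avast and GData, every label other than Win32:Gamona, and the generic-marker pattern are constructed assumptions.

```python
import re

# Assumption: engines that embed another vendor's scanner. The thread names only
# GData -> avast; extend this map from vendor documentation, not guesswork.
SHARED_ENGINES = {"GData": "Avast"}

# Assumption: substrings that typically mark a generic or heuristic verdict.
GENERIC = re.compile(r"generic|heur|suspicious|gen\b|behaves", re.IGNORECASE)

def triage(report, shared=SHARED_ENGINES):
    """Summarise a multi-engine report given as {engine: label or None}."""
    results = dict(report)
    collapsed = []
    for derived, upstream in shared.items():
        d, u = results.get(derived), results.get(upstream)
        # The same label from a licensed engine is one opinion reported twice.
        if d and u and d.lower() == u.lower():
            del results[derived]
            collapsed.append(derived)
    hits = {e: label for e, label in results.items() if label}
    generic = sorted(e for e, label in hits.items() if GENERIC.search(label))
    specific = sorted(e for e in hits if e not in generic)
    return {
        "raw": (sum(1 for label in report.values() if label), len(report)),
        "independent": (len(hits), len(results)),
        "collapsed": collapsed,
        "generic": generic,
        "specific": specific,
    }

def sample_report():
    """Constructed data shaped like the thread's 6/36 result; labels other than
    Win32:Gamona and all 'Engine..' names are placeholders."""
    report = {f"Engine{i:02d}": None for i in range(1, 31)}  # 30 clean engines
    report.update({
        "Avast": "Win32:Gamona",
        "GData": "Win32:Gamona",
        "Engine31": "Heuristic.Suspicious",
        "Engine32": "Trojan.Generic",
        "Engine33": "Heur.Packed",
        "Engine34": "Generic.Malware",
    })
    return report

if __name__ == "__main__":
    for key, value in triage(sample_report()).items():
        print(f"{key}: {value}")
```

A derived engine is only collapsed when its label matches the upstream one; a different label from the same product is kept as a separate opinion.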

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Win32:Gamona
« Reply #5 on: October 30, 2008, 11:57:17 AM »
fixed internally..

Offline DavidR

Re: Win32:Gamona
« Reply #6 on: October 30, 2008, 02:56:42 PM »
Thanks Maxx, I assume it will be on the next VPS update.

Offline DavidR

Re: Win32:Gamona
« Reply #7 on: October 30, 2008, 03:21:10 PM »
Update, VPS 081030-0 no longer detects this.

@ Nell ensure you have the latest VPS version.