Author Topic: Can Someone Verify This?  (Read 8296 times)


GrizeBar

  • Guest
Can Someone Verify This?
« on: January 03, 2009, 11:31:22 PM »
Today, I tried to install a program named AV Webcam Morpher 2.0 from http://www.audio4fun.com/webcam-morpher.htm. The file was a downloader for the Install program which, when run, proceeded to download the executable webcam-morpher.exe into my temp directory. My Avast! Standard Shield popped up a warning that this file was infected with the Win32-Spyware[trj] virus. I sent an email to the AV site but so far no response. All Web reviews of AV Webcam Morpher 2.0 are favorable and there is no indication of any problems with the installs nor warnings. Can anyone verify if this program is safe to use? Thanks!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89377
  • No support PMs thanks
Re: Can Someone Verify This?
« Reply #1 on: January 04, 2009, 12:27:15 AM »
You won't normally get a response unless they need more information.

However, you should always confirm the detection if you suspect a possible false positive detection.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner, and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #2 on: January 04, 2009, 02:13:39 AM »
Thank you! I will do that then.
« Last Edit: January 04, 2009, 03:42:39 AM by GrizeBar »

Online DavidR

Re: Can Someone Verify This?
« Reply #3 on: January 04, 2009, 02:34:57 AM »
No problem, until then.

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #4 on: January 04, 2009, 03:43:01 AM »
Here is the URL of the Report Page. There are 4 confirmed readings, apparently Adware.
http://www.virustotal.com/analisis/bdbbcad1a57a4f91e9ccd0823219efb6

The Adware.EShoper appears to be the most dangerous as it is a browser tracker. The Fraudtool is listed as an Anti-Spyware utility. Awaiting your recommendations.

« Last Edit: January 04, 2009, 03:54:29 AM by GrizeBar »

Online DavidR

Re: Can Someone Verify This?
« Reply #5 on: January 04, 2009, 04:13:38 PM »
Send to avast as a possible false positive (the how to report and exclude from scans link in my first post). GData also uses avast as one of its two scanners, so this would effectively reduce the number of detections.

Include the VT results URL in your email/submission to avast.

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #6 on: January 04, 2009, 04:17:54 PM »
Thanks! I assume then that the program is safe to use. Much appreciated.


Online DavidR

Re: Can Someone Verify This?
« Reply #7 on: January 04, 2009, 05:10:39 PM »
Personally I would wait for avast to further analyse it, periodically scan the file in the chest on VPS updates, but I'm somewhat cautious.

Given that the other two detections were prefixed with not-a-virus and it was an avast generic signature detection win32:spyware-gen (the -gen indicating generic), there is a high probability it is an FP.

Other than the above I can't give any guarantees, that decision would have to be yours.
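
The reasoning in the reply above, together with the note in Reply #5 that GData uses avast as one of its two scanners, can be written as a small triage helper. This is an added example, not part of the original thread or of any avast tooling; the function names, the EngineA/EngineB/EngineC placeholders and the sample labels are constructed for illustration.

```python
import re

# Engines that embed another vendor's scanner. The thread states that GData
# uses avast as one of its two scanners; any other entry would be an assumption.
SHARED_ENGINE = {"GData": "avast"}

NOT_A_VIRUS = re.compile(r"^not-a-virus:", re.IGNORECASE)  # prefix named in the thread
GENERIC = re.compile(r"-gen\b|generic", re.IGNORECASE)     # generic-signature marker

def classify(label):
    """Return the caution flags carried by one detection name."""
    flags = set()
    if NOT_A_VIRUS.search(label):
        flags.add("not-a-virus")
    if GENERIC.search(label):
        flags.add("generic")
    return flags

def triage(results):
    """results maps engine name -> detection name (None when clean)."""
    hits = {engine: label for engine, label in results.items() if label}
    independent = {}
    for engine, label in hits.items():
        upstream = SHARED_ENGINE.get(engine)
        # Drop a hit only when the upstream engine reported the same name;
        # a different name may come from the engine's other scanner.
        if upstream and hits.get(upstream, "").lower() == label.lower():
            continue
        independent[engine] = label
    flagged = {engine: classify(label) for engine, label in independent.items()}
    specific = sorted(e for e, flags in flagged.items() if not flags)
    return {
        "raw_hits": len(hits),
        "independent_hits": len(independent),
        "specific_hits": specific,
        # Triage hint only: no specific detection means "submit to the vendor
        # and wait for analysis", not "safe to run".
        "fp_candidate": bool(independent) and not specific,
    }

# Constructed sample shaped like the four-detection report in the thread.
SAMPLE = {
    "avast": "Win32:Spyware-gen", "GData": "Win32:Spyware-gen",
    "EngineA": "not-a-virus:Adware.EShoper", "EngineB": "not-a-virus:FraudTool",
    "EngineC": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
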

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #8 on: January 04, 2009, 05:28:57 PM »
I understand, thanks. Unfortunately, the file is too large for my Email quota and can't be sent normally. Is there another site like an FTP that I can send the file to? If not, I'll have to post the file in parts.

Online DavidR

Re: Can Someone Verify This?
« Reply #9 on: January 04, 2009, 05:34:20 PM »
If it is in the Chest, you can send it from there and it will be uploaded during the next auto/manual update; it doesn't actually get sent by email. That part of the interface hasn't been updated to reflect the changed submission process.

Send it from the Infected Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #10 on: January 04, 2009, 08:31:03 PM »
I tried sending the file from the Chest but for some strange reason, when I click Email to Alwil Software, nothing happens. I have 4 other files in the chest and they will bring up the mail window, but this one does nothing. I also tried sending it from the export directory with the same result. I'll try sending it with my alternate email. Failing that, I will run the application in Sandboxie and see if it complains about it.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Can Someone Verify This?
« Reply #11 on: January 04, 2009, 08:49:16 PM »
> I tried sending the file from the Chest but for some strange reason, when I click Email to Alwil Software, nothing happens.
The file is sent on next update.
You can manually invoke the update to send the file.
Please, don't ask why this must be this way ::)
The best things in life are free.

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #12 on: January 04, 2009, 09:02:21 PM »
>> I tried sending the file from the Chest but for some strange reason, when I click Email to Alwil Software, nothing happens.
> The file is sent on next update.
> You can manually invoke the update to send the file.
> Please, don't ask why this must be this way ::)

Thanks, I won't. :D

Online DavidR

Re: Can Someone Verify This?
« Reply #13 on: January 04, 2009, 09:07:35 PM »
Whilst Tech is right in that it doesn't get sent/uploaded until the next update, as I mentioned in an earlier post, I think he missed the bit about nothing happening when you clicked the Email to Alwil software, yet when you did this for others the submission window popped up. So it isn't an issue of it not being sent but being unable to even get that far.

Have you opened the Infected Files section, and are you right clicking on the file concerned? I think not. Though your comment on being able to at least get the mail window suggests otherwise; were these other files in the Infected Files section?

Was this the window that popped-up, see image ?

If you just click File, Email to Alwil software, nothing will happen (I just tried it) as nothing has been selected to be emailed/submitted.

I don't know on the off chance it might have anything to do with the file size, there is a setting, Program Settings, Chest, Maximum size to send, try adjusting that to cater for the size of the file you want to submit.

GrizeBar

  • Guest
Re: Can Someone Verify This?
« Reply #14 on: January 04, 2009, 09:56:27 PM »
Probably the file size, which is over 16 megs. I didn't see that window in your screenshot when I right-clicked the file in Chest and chose Mail..., with the exception of the other files, all under 3kb in size.
I finally got smart and set my Verizon Email Advanced Account setting to break up files over 60 KB into sections before sending, so I hope the Alwil Customer Support doesn't blacklist my IP for spamming them with 88 60kb parts of the file.  :P
Thanks for your help.

« Last Edit: January 04, 2009, 09:58:52 PM by GrizeBar »