Author Topic: How to stop avast from blocking the file?  (Read 16998 times)

0 Members and 1 Guest are viewing this topic.

Offline kaboose

  • Newbie
  • *
  • Posts: 11
How to stop avast from blocking the file?
« on: May 30, 2010, 11:20:04 AM »
Hey everyone am new here so please bare wid me  ;)

aite so recently avast keep blocking the game file and i knw its not a virus so any idea how i can stop that ? i am using avast free home version latest one thx

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3065
Re: How to stop avast from blocking the file?
« Reply #1 on: May 30, 2010, 11:21:55 AM »
Hello Kaboose,

How can you say it is not a virus?

Upload the file to virustotal.com and give us the link.

If it is a false positive, we can send it to virus labs for checking.

nmb

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: How to stop avast from blocking the file?
« Reply #2 on: May 30, 2010, 03:19:20 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You should never try to circumvent a detection unless you are 100% certain it is a false positive detection, so:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3065
Re: How to stop avast from blocking the file?
« Reply #3 on: May 30, 2010, 03:46:09 PM »
May be I should prepare canned speeches. Isn't it sir DavidR?

nmb

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: How to stop avast from blocking the file?
« Reply #4 on: May 30, 2010, 04:40:34 PM »
Well it saves time for common issues and gives more information to the user so that they don't bump into the obvious problem of trying to upload to virustotal.

If using it, it is important not to overwhelm the OP with too much information, which the last half of mine in most cases I wouldn't post for regular detections. This however is somewhat different as it appears to be for an old file previously used (reading between the lines).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3065
Re: How to stop avast from blocking the file?
« Reply #5 on: May 30, 2010, 05:18:02 PM »
Thanks for the tip sir DavidR. Will keep that in mind while prep'ing the canned speeches. :)

nmb

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: How to stop avast from blocking the file?
« Reply #6 on: May 30, 2010, 05:34:12 PM »
You're welcome.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline kaboose

  • Newbie
  • *
  • Posts: 11
Re: How to stop avast from blocking the file?
« Reply #7 on: May 31, 2010, 10:50:45 AM »
Hello Kaboose,

How can you say it is not a virus?

Upload the file to virustotal.com and give us the link.

If it is a false positive, we can send it to virus labs for checking.

nmb

thx for replying ... its not virus cuz i been using that file for long time lol with avast its just from last couple days its doing that not sure y .. heres the link i got when uploaded on virus total : http://www.virustotal.com/reanalisis.html?dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732

http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1267514451

Offline kaboose

  • Newbie
  • *
  • Posts: 11
Re: How to stop avast from blocking the file?
« Reply #8 on: May 31, 2010, 10:54:48 AM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You should never try to circumvent a detection unless you are 100% certain it is a false positive detection, so:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.


thanks for the long reply .. so as u mentioned to put the file in exclusions list since my file is on the desktop so i decided not to make a suspect folder so to add it to exclusion i have to go to Settings>Exclusions>Add ... is that all u want me to do ? also i reported the file as false positive already thx
« Last Edit: May 31, 2010, 11:04:29 AM by kaboose »

Offline kaboose

  • Newbie
  • *
  • Posts: 11
Re: How to stop avast from blocking the file?
« Reply #9 on: May 31, 2010, 10:56:11 AM »
thx for replying everyone
« Last Edit: May 31, 2010, 11:04:55 AM by kaboose »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3065
Re: How to stop avast from blocking the file?
« Reply #10 on: May 31, 2010, 12:26:36 PM »
Can you tell us the path where this file was detected?

Also, you say you know that this file was there for long time. How do you know that?

According to what I found out, It should be related to a game.

you have to give us all details. : What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Also upload the file to vt and rescan the file. don't give the link to old scan report.

nmb

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 280
Re: How to stop avast from blocking the file?
« Reply #11 on: May 31, 2010, 01:29:20 PM »
@kaboose

http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1267514451

Look at the result 17 AV's detected it.

And the one you upload on virustotal is dated on 2010.03.02

Can you upload the file again?

Im sure the file is virus.
« Last Edit: May 31, 2010, 01:31:14 PM by chubalz »
Windows 7 SP1 / Avast 2015/ Sandboxie 4.16/ MC-Shield

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: How to stop avast from blocking the file?
« Reply #12 on: May 31, 2010, 03:28:39 PM »
The latest result is 19 detections http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732 as at 2010.05.31 08:48:52 so there is something suspicious in what this file does as most of the detections are either generic (.gen) or heuristic (suspicious/sus).

So what game does this file belong to ?

A google search for the SSWv5.11.dll file (Super Simple Wall ?) returns some that associate it with a games hack (which can come with unwelcome guests).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3065
Re: How to stop avast from blocking the file?
« Reply #13 on: May 31, 2010, 03:46:29 PM »
The latest result is 19 detections http://www.virustotal.com/analisis/dfbf62a69c89e6890379acc783c5b537fc0a4a6289d123cfa05ab289db9d255d-1275295732 as at 2010.05.31 08:48:52 so there is something suspicious in what this file does as most of the detections are either generic (.gen) or heuristic (suspicious/sus).

Where did you get that done from? I mean did you click re analyse? It didn't work for me, sir.

Quote
A google search for the SSWv5.11.dll file (Super Simple Wall ?) returns some that associate it with a games hack (which can come with unwelcome guests).

That is what even I thought(previous post). Some kind of patch or crack, may be?

nmb
« Last Edit: May 31, 2010, 03:48:26 PM by nmb »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: How to stop avast from blocking the file?
« Reply #14 on: May 31, 2010, 04:15:26 PM »
The re analyse button in the reanalisis link worked for me.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security