False Alarm?

[benjybyte]

And once again, Avast is reporting that SOUNDMAN.EXE is infected with malware. 

This single file seems to be doomed to a whole series of false positive notices.....

[DavidR]

Then resubmit it to the virus labs for reanalysis.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

Or

Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body and false positive in the subject.

[Xanadu]

Another false positive today - Topaz Labs PSP and Photoshop filters.  8bf files.  Didn't find it as malware two days ago - today it's grabbing it and putting it in the chest.  Submitted a report.  Getting tired of this. I did submit the file.

[Xanadu]

I uploaded that file to virus total. 
http://www.virustotal.com/file-scan/report.html?id=e62d567e57be6648b791d467f0cedc4986f01f1018cb4305115df7182c0689ad-1287571018

Now I don't know what to do.  Have been using it forever...malware scans by Spybot never found it, Avast never found it...until today. 

[DavidR]

Well to start with I would upload it again to VT as you have picked up an old analysis from 2010-10-20 which is positively ancient in AV terms. This one is from today and it tells a totally different story, http://www.virustotal.com/file-scan/report.html?id=e62d567e57be6648b791d467f0cedc4986f01f1018cb4305115df7182c0689ad-1296997448.

Whilst there are 19/43 detections they are all either generic or heuristic and are more prone to FP. However there are still a lot of them find something suspicious about it, so for now send the file to avast for analysis as I mentioned above.

- In the meantime if you accept the risk (and I feel with 19/43 there is a risk it could have been infected), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.

[Xanadu]

Thank you for your help.  I appreciate it!

[DavidR]

No problem, glad I could help.

Welcome to the forums.

[Xanadu]

Thanks!  
I uninstalled that plugin.  
Then installed the trial of the newest version.  Uploaded that file for scan and it was 0/43.  And Avast does not find it when I use it in PSP.  The one it found was the old trial version, which is now uninstalled.  Thanks for the info on that site - very useful tool.  

[DavidR]

You're welcome.

[Xanadu]

Just update - after uninstall, I cleared all temp files and ran a boot scan.  All clear.  Nothing left behind.  You guys rock!

[DavidR]

Good news.