Author Topic: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean) (Read 3461 times)

Wonnerber Snerr · « **on:** March 15, 2011, 05:10:36 AM »

Avast 6.0.1000 reported SciTE4AutoIt3.exe (open-source script writing software, straight from its website, so should be clean) was infected with Threat:Win32:Trojan-gen. Wanting to keep the program, I verified with virscan.org (on-line multiple engine scanner). 34 of 37 engines found it clean, including avast!. It was using same virus definitions as I, but different engine (4.7.4 vs 6.0.1000). My local avast hits on this file only on the custom scan (passes the daily quick scan). Major differences are custom has Heuristics=High, test whole files, scan all packers (yes, it does take a looooooong time).

question 1: with the settings I have on custom scan, I realize false-positives are more common. Are there further steps to take to verify, other than on-line multiple-engine scanners?

question 2: new to virscan.org, so at what % would you start to worry about a file? 3/37 or 8% seems nothing to worry about.

SpeedyPC · « **Reply #1 on:** March 15, 2011, 05:18:31 AM »

You might wanted to check from VirusTotal http://www.virustotal.com/index.html to make sure is not FP

Wonnerber Snerr · « **Reply #2 on:** March 15, 2011, 05:32:43 AM »

Hello Speedy,
OK, I've scanned on VirusTotal, and that makes me feel a bit uneasy (9 out of 42 infected). Yet again, avast was clean. But I'd bet they don't have scanners set so high as my custom scan. That aside, should 9/42 be of concern?

SpeedyPC · « **Reply #3 on:** March 15, 2011, 05:39:08 AM »

Quote from: Wonnerber Snerr on March 15, 2011, 05:32:43 AM

Hello Speedy,
OK, I've scanned on VirusTotal, and that makes me feel a bit uneasy (9 out of 42 infected). Yet again, avast was clean. But I'd bet they don't have scanners set so high as my custom scan. That aside, should 9/42 be of concern?

What I would do is wait for essexboy he has a better understanding all kinds of virus and wait further support from someone who has better experience, my guess 9/42 it pretty low just wait for essexboy before you do anything further

Edit: Do you have Malwarebytes' Anti-Malware (MBAM) installed on your PC

Wonnerber Snerr · « **Reply #4 on:** March 15, 2011, 06:11:15 AM »

Speedy, yes, I have MBAM installed. It found no infection with the file, nor did SUPERAntiSpyware.

SpeedyPC · « **Reply #5 on:** March 15, 2011, 07:35:52 AM »

Quote from: Wonnerber Snerr on March 15, 2011, 06:11:15 AM

Speedy, yes, I have MBAM installed. It found no infection with the file, nor did SUPERAntiSpyware.

Thank you just checking

Author Topic: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean) (Read 3461 times)

Wonnerber Snerr

Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)

SpeedyPC

Re: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)

Wonnerber Snerr

Re: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)

SpeedyPC

Re: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)

Wonnerber Snerr

Re: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)

SpeedyPC

Re: Avast ID'ed file as infected, but virscan.org says clean (AVAST leg says clean)