Author Topic: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????  (Read 2839 times)

0 Members and 1 Guest are viewing this topic.

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
I am running a Dell PC with Win 7, Avast 6, Malwarebytes scanner, and Spyware Blaster.

Avast 7 ate my XP machine, so no upgrade here.

Occasionally, when I scan, Avast picks up the Dell wireless cap locks indicator, indicatorosd.exe as a virus! Malwarebytes scans run thru clean. When I restart and scan, no problem. However, if I scan in the am and run the machine all day, later in the day, it will register an infection.

Any ideas will be appreciated.

Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37012
Re: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????
« Reply #1 on: March 28, 2012, 11:23:21 PM »
upload the file to avast lab so they can analyse and remove the FP

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
Re: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????
« Reply #2 on: March 28, 2012, 11:37:05 PM »
Why is it not a virus after boot up scan, but later in the day a virus?
Also, this file, on a gazillion DC PCs, should be causing other folks trouble. Anybody else?

Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37012
Re: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????
« Reply #3 on: March 28, 2012, 11:42:52 PM »
you can also test the file at www.virustotal.com  and see if others detect it

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
Re: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????
« Reply #4 on: March 30, 2012, 06:26:16 PM »
This is nuts. Scan highlights the caps lock indicator and starts issuing "PID". Uploaded it to the Avast Support Site and we will see what they say.

Offline russgthomas

  • Newbie
  • *
  • Posts: 1
Re: Wierd False Positive Avast 6 Dell Wireless Keyboard Indicator???????
« Reply #5 on: April 09, 2012, 03:06:44 AM »
Me too.  It's surely a FP.  Here's what I submitted in my support ticket:

I have the same identical problem as the one mentioned in this thread on the forum http://forum.avast.com/index.php?topic=96376.0

I cannot supply you with the file since avast has already deleted it  <- this is actually a bug since I chose "Move to Chest" from the "Apply this action for all" setting in the log and clicked apply... avast promptly deleted it.

The reasons why I think it's a FP are:
1 - watching a scan I could see avast was finding 826 infected files.  I stopped the scan (which had only been running a short while) and checked the log.  It was a huge list (no doubt 826 entries long) all saying the same file was infected.
2 - this machine is a little over 2 weeks old.
3 - machine last rebooted 2012-03-28 and scan results are as follows
28 Mar - virus found (same file)
29     - no virus found
30     - virus found (same file)
01 Apr - no virus found
02     - some files could not be scanned
03     - nvf
04     - nvf
05     - nvf
06     - nvf
07     - nvf
08     - virus found (same file)

The file is in memory and running (Task Manager shows no path or description).  Unless I'm not being clear, why would avast NOT find a virus 6 or 7 times but find it 2 or 3 times?  Same file!

Setup
Avast 7 (Fully updated)
Win 7 SP1 fully patched
Browsers Firefox 11, IE9, Chrome 18.
Ram 16 GB, HD ~2TB

I'm not sure what to do next - avast wants to do a boot-time scan (I did this in the past and it takes an age). I have already downloaded a new IndicatorOSD.exe via Dell support.

As you're probably well aware, FPs create massive FUD... and while the program is behaving so strangely (826 refs to the same file???) I wouldn't trust it to do a boot-time scan.

HELP!


Thanks in advance
Russ

p.s. Anyone else hate Captcha as much as I do?  can barely read it most of the time. >:(