Fakeav [trj] Reported in Plam Software?

[YrbkMgr]

I've used several virus scanners and am trying out Avast Home - overall, I'm pretty impressed, but Avast is reporting something that no other scanners are reporting.

Avast says that memopad.dat and memopad.bak are infected with Fakeav [trj]; it cannot fix them and suggests a quarantine (chest). Memopad is part of PalmOne software.

I can find no reference to this virus anywhere, except that Avast includes it in its definitions, and SARC reports Fakeav.a.trojan and Fakeav.b.trojan being in their definition database.

Is this a real threat? Is it a false positive? Any thoughts?

[Eddy]

It could be a false positve. Submit those files to Jotiti and let us know the result.

I suspect it to be a false positive. If this is the case, send the files in a password protected zip to virus@avast.com. Mention in the body of the message that you think it is a false positive and why and the password ofcourse.

[YrbkMgr]

Eddy,

Thanks for the quick reply.

Joti reports the following:

POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)"

So...  in regards to:

I suspect it to be a false positive. If this is the case, send the files in a password protected zip to virus@avast.com. Mention in the body of the message that you think it is a false positive and why and the password ofcourse.

Should I submit it? Also, what do you mean "and why the password"?

Thanks again.

[Eddy]

Yup, submit it. The password is to prevent that the files are removed on their way to Avast by a virusscanner from a server the mail is passing.

[YrbkMgr]

Thanks man. I've submitted it, not sure what to expect next - if they'll reply or simply update the db, or take no action at all (yikes!).

But I'm grateful for the Joti link. Helps with confidence.

[Eddy]

They will check why it is falsly reported and correct it a.s.a.p in the vps. Mostly you will get no reply to the mail, unless they need more information.

[YrbkMgr]

Sigh.

Since they don't contact you, I don't know that they've actually received the file - I can only assume that they have. I sent it as a password protected zip and included the password.

The scanner is still flagging the file, even with the most current updates. I have entered the file into the exceptions list for both, scanning and for on access protection - that seems to work fine BUT...

I've read here in the forum that one can schedule a scan with the free/home version by using "ashquick". I've done that and it works great except that it doesn't seem to take into account the exceptions that I've entered into aVast!. In other words, it still flagging those files and thus, stopping in the middle of the night, not completing the scan.

Any ideas on how to ensure that exceptions are captured while using ashquick? The help file says "It is important to keep in mind that these exclusions affect all tasks! " but it doesn't seem to be the case.

Thoughts? This false alarm is driving me nuts!

[Lisandro]

Any ideas on how to ensure that exceptions are captured while using ashquick? The help file says "It is important to keep in mind that these exclusions affect all tasks! " but it doesn't seem to be the case. Thoughts? This false alarm is driving me nuts!

I know it will be just a workaround but you can 'schedule' the screen saver module.
I'm sure it will jump the exceptions.
I think it's available in both Home and Professional version but, like any other module, in Pro version it is even more configurable... specially on virus cleanning (automatic actions).

Do this:
1. Control Panel > Video properties
2. Screen Saver tab
3. Choose avast screen saver
4. Click 'Configure'
5. Inside of its configurations, choose your 'own' screen saver and other details.
6. I could say more but I know it will be only in professional version...

[YrbkMgr]

In the words of Napolean Dynamite: "Sweet"

Seriously, I had no idea that there was a screen saver module. I'll let it run and we'll see how it goes. Thanks for the tip.

I presume that I can/should eliminate ashquick from scheduled tasks..(??)

[YrbkMgr]

Well, Avast is still flagging those (what I am certain are) false positives - even with the screen saver module, and even though I've put them as individual files, as well as the full path and file in the exceptions list of that module.

I don't mind as much that they get flagged, but the whole process stops.

Crêpe.

I guess it boils down to the notion that perhaps this scanner won't work for me....

[galooma]

Is it possible that you could put those particular files in the exclusion list?

[Lisandro]

Well, Avast is still flagging those (what I am certain are) false positives - even with the screen saver module, and even though I've put them as individual files, as well as the full path and file in the exceptions list of that module.

The exclusion list will read the 'path' as text.
So, can you test if you add different forms will it work?
"C:\Program files\Test Files\*.doc"
"C:\Progra~1\Test~1\*.doc"

etc...
Maybe, I'm thinking now I'm messing the Professional version (where I have a special exclusion list for Screen Saver module) and Home one...

Anyway, the best will be ask and cry for Alwil to exclude this false positives from the virus signatures 

[YrbkMgr]

Is it possible that you could put those particular files in the exclusion list?

Yes. They are in the exclusion list for the screen saver, they are in the exclusion list for the On-Access Protection control, and in the exclusion list under Avast Program settings.

The exclusion list will read the 'path' as text.
So, can you test if you add different forms will it work?
"C:\Program files\Test Files\*.doc"
"C:\Progra~1\Test~1\*.doc"

etc...
Maybe, I'm thinking now I'm messing the Professional version (where I have a special exclusion list for Screen Saver module) and Home one...

Well, first, yes, I've tried all forms. I've got the path only, I've got the path with the filename, I have the filename only, and I have the filename with the wildcard.

And the screen saver module does have an exclusions list in the Home/Free version.

Anyway, the best will be ask and cry for Alwil to exclude this false positives from the virus signatures

I don't know the proper way to ask and cry. I really like the interface of the program, but I'm thinking I may just move to another scanner - maybe F-prot or AVP. I thought that if I liked this one, I would buy it, but it seems that, at least for me, there are issues and I don't really know how to resolve them either by workarounds or by Awil fixing the damn virus defs - or at least confirming that the file I sent has a confirmed virus (it doesn't).

Thanks for the help so far though.

[igor]

I asked for the file around here, but didn't find it... could you resend it, please?
Thanks.

[YrbkMgr]

Thank you Igor.

I have just this moment re-sent the file. It is addressed to virus@avast.com, and will be coming from an e-mail address with "edgecomp" in the first part of the address.

The attachment is a 35K zip file, password protected, and the password is in the body of the note. Hopefully, you'll be able to help.

By the way, I AM impressed at the level of support in this forum.