2 FPs? AIM6 uninst.exe and some other file in my system restore, I have question

It seems that one of the recent versions of Avast detects AIM6’s uninst.exe as a false positive.

Results of virus total.

Though, one thing I am a little worried about is another file, though I am just wondering if it could simply be just the same uninst.exe file renamed in the system restore.

Result of virus total.

It was in my “C:\System Volume Information” folder, that has the system restore folder in it I am guessing?

The weird thing is that on the file(that was detected in System Volume) it says the last modified late was in March something.

I disabled system restore and never enabled it until May.

I download/installed AIM6 also sometime in May, not March. Also the last modified date for uninst.exe is in May.

So, main question is, what exactly is the second file that was found in the System Information Volume folder? Is it just uninst.exe renamed or is it from something else?

It is most certainly an FP, the file last modified date doesn’t have to be later than when you enabled SR, it is independent of SR as it relates to the original files last modified date, which could also pre-date the installation of AIM6.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

For it to be in the C:\System Volume Information" folder, it would have had to have been previously moved/deleted from on of the system folders.