Hi, had some problems with my scanner so I downloaded a driver from the website. Avast said it found the above virus and to abort the connection.
So I tried re-installing with my CD that came with the scanner…same viris pop-up. So I deceided to scan the CD only, same pop-up…what gives? I’ve had the scanner installed for 4 yrs now?
Thanks,
It may be that a newly added signature happens to match a string on the file.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can send it from the chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
I submitted the file off my CD to VirusTotal and the only AV that picks it up is Avast…called Win32:Bmcentral-B
Now what?
Send the sample to avast as I mentioned in my reply and exclude the file from scans in the meantime.
I can’t send a sample to Avast because I can’t zip the file from the CD.
I’m getting really confused on this!
Did you not download this driver into your computer? ???
Zip that driver, if it is the problen file, and send it to avast as David mentioned.
Send the file from the avast chest.
You can add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Thanks for all the replies. I finally turned off avast, copied the file to my desktop, zipped it and sent it to avast with the link to this post. I haven’t heard back yet. Of course I turned avast back on after that and also did a bootscan and there was nothing found.
The funny thing is…the scanner is still installed (because I didn’t up-date the driver as it kept saying virus) and there is nothing found in my bootscan and thorough scan…go figure.
A boot scan wouldn’t find anything, if the infected file is on a CD.
Alwil normally don’t reply unless they need more information, though they are usually quite quick at rectifying false positive detections.
Well I guess Avast doesn’t want to be bothered with this problem
If you read the last reply of yankanuk and did a little reading between the lines, not to mention the complete thread, this was a suspect false positive as confirmed by the VirusTotal results.
This basically that this FP was corrected very shortly after it was reported, so your comment “Well I guess Avast doesn’t want to be bothered with this problem” is well wide of the truth.