I’ve been a loyal user of avast! for a while now! Just recently, avast is detecting au.exe (the executable from Ace Utilities) as a “Win32:SdBot-5252” virus. The same virus is reported on another computer with the same setup. I submitted the file to virustotal.com and 4 other antivirus engines are picking it up with various names…
The rest of the engines don’t give me a result. Could this be a FP? Avast! only warns me when I scan the file, and not when the file is executed! My first hunch is that this is a FP, but I just wanted some opinion…
Well, two of the detections are suspicious, meaning it could be a heuristic detection, which could be more prone to false positive detection. As for avast and Ikarus, the sdbot and rbot are very similar detections, so they might not like what au.exe does. Though it is strange that it only happens on a scan and not when you execute the file, I would have thought it more likely to be the other way round.
Is this the latest version of Ace Utilities? You could try that to see.
If you are getting a virus warning that you believe is a false positive, then send the sample to virus@avast.com if you can zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces); a link to this topic might help and possible false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Thanks for the reply! I’ll have to keep an eye on it with the next few avast updates to see if perhaps that solves the problem… I’m thinking it’s a FP though. If it doesn’t clear up, I’ll submit the file to avast. I am using the latest version of Ace Utilities (http://www.acelogix.com), but I haven’t updated the program since this alert started.
The fact is that it only detects it as a virus if the file is scanned, as opposed to executing the file. The only thing I can guess is that it has something to do with Vista’s User Access Control… Admin. privileges have to be granted before it’ll run… maybe that messes with the detection. I also have to check the avast settings… maybe I have the real-time scanning engine only scanning certain files, but I can’t imagine exe files being left out of the loop!
Thanks for your advice though! If anyone else is getting this alert, let me know so I know it’s not only me!
Keeping an eye on it will have little effect. If people don’t submit samples for analysis as possible false positive detections, then avast won’t be aware of the problem.
So don’t wait, if you haven’t already done so send the sample to avast as outlined in my previous post.
Alright, I’ll send it. I assumed that perhaps an update would solve the problem, but as always, assuming things is never a good idea! At this point, it’s even marking the install file as a trojan. Also, when directly downloading a new install file directly from their website, web shield catches it.
To make a long story short, I’ll send it right now!
They are usually very quick on ‘reported’ false positives once analysed and found to be an FP. It may also be that someone else also submitted it, but it is best not to assume that and submit; the more for the same file would, I assume (there we go with assumptions ;D ), increase the priority.