avast! 4.8 home edition going WILD

Couldn’t think of a better subject title. Kinda nails it actually.
avast! user since many years and never experienced something like this:

I ran a full avast! scan 4 days ago.
No results.
Last thing I did before shutting down the comp.
Was out of town, came back today, fired comp up again.
Updated avast!
Ran a scan.

And avast! didn’t stop finding Win32:Trojan-gen {Other} infections:
Two in system restore files.
Seven (!) in various BitDefender files (the second virus scanner I use).
When scanning those files with BitDefender itself: No results.

To play safe I moved everything to the chest, uninstalled Bitdefender completely, and tried to download the newest version from the official BitDefender web site.
Now the real fun part:

!avast jumps in during the download and warns me of a Win32:Trojan-gen {Other} infection of the file.

Basically it tells me bitdefender_free_v10.exe from the offical web site carries an infection.

Something here seems fishy.

Did the !avast guys “mess up” the database with the newest update and we got a whole load of false positives now?

Checking the files with any other virus scanner I got shows them as completely clean.

Any input appreciated.


P.S: While typing this !avast updated again. Still finds the “infections”. Plus two more (surprise, surprise:) Win32:Trojan-gen {Other} in system restore files now.

You can’t use BitDefender as another resident scanner. Two AVs will conflict.

You can’t use two active virus scanners together, meaning two scanners with “real time protection”.
The free version of BitDefender doesn’t have any.
When you install BitDefender it checks your system for conflicting other virus scanners.

My real time protection is avast!
BitDefender on the other hand just sits on my hard drive (no automatic start-up) and I only fire it up when I want/need an additional deep system scan.

The two programs co-existed for years on this machine without any problem whatsoever.

Newest update downloaded for avast! and next minute it goes crazy about BitDefender suddenly.

Everything here hints to a false positive.

If you look over the boards you’ll notice a lot of posts about avast! reacting strangely to many safe, official applications during the last days.
Even games that came from store bought CDs or online games being patched by major companies.
Every time avast! finds the same not further defined Win32:Trojan-gen {Other} infection.
Something seems wrong with the new virus database.

Update:

avast! just downloaded a new virus database.
I ran a full scan.
Showed all previous “infected” files as clean, including all the BitDefender files it listed yesterday and all files in the chest.
Just a false positive as suspected.

For Jtaylor83:

http://www.wilderssecurity.com/archive/index.php/t-71818.html

Interesting read about different virus scanners on the same computer and which ones even make a “good combination”.
The essential part starts with post number eight in the thread.

it’s just a false positive. avast did fix this problem

BitDefender free is on-demand only so shouldn’t be a problem, I would simply suggest you pause the standard shield whilst doing the BitDefender scan.

@ Lainadan
Ensure you have the latest VPS update and rescan the files from within the Infected Files section of the chest and report those still classed as infected (as below).

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
Or using windows explorer directly, C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log copy and paste the data from that would probably be easier.

@ leemar
Whilst this is entirely possible this is an FP, we can’t say for certainty with the information we have. It may be that it is detecting some signatures within the installation file, but we won’t know for sure until Lainadan says what files were reported as infected.

I agree. Win32:Trojan-gen {Other} seems to pop up everywhere. Especially database engines. :frowning: And this started a week or 2 ago. Before that it was pretty far between for a FP for me.

@ Lainadan
just what was I supposed to find in that 2005 Wilders Thread?

I have to admit I didn’t even visit the link, having seen your comment that it dates from 2005 I took a look, as there is no way you can take what is said in 2005 in relation to 2008 versions of the same software.

e.g. this quote from post 8 that Lainadan mentioned “The essential part starts with post number eight in the thread.”

You can use avast! as resident with AntiVir as backup without any problem. They are a great combination :)

Whilst that held true in 2005 as Antivir was an on-demand scanner, however, it doesn’t hold try in 2008 as Antivir is a resident AV scanner.

I didn’t read beyond post 8 as that basically proves the point I made earlier you can’t compare what was a good combination in 2005 to what would be a good combination in 2008 or beyond.

JUST TO SUM UP WE ARE HERE (from DavidR post above)

@ Lainadan
Ensure you have the latest VPS update and rescan the files from within the Infected Files section of the chest and report those still classed as infected (as below).

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
Or using windows explorer directly, C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log copy and paste the data from that would probably be easier.

We’ll wait to hear back from you