First, every antivirus names the malware differently - so it would be much more surprising if the detected names were the same.
Second, the names (obfuscated) suggest that the file is packed by a strange packer/scrambler - just as most of the real malware.
Third, my avast! doesn’t detect anything in that file?
It looks to me as though some AV apps peg something as ‘suspicious’ if it doesn’t fit the pre-set patterns of what is ‘safe’. Those demos involve some highly creative code, but nothing bad at all.
Yahoo Mail’s scanner tags all archives with password protection as a “virus”. Gmail won’t allow any Windows executable file through, somehow detecting them through multiple nested levels of password protected archives of different formats. Both of those are quite irritating.
The VirusTotal site must be using old definitions. If you have a good enough 3D accelerator, try running some of the farbrausch demos. Just not fr-030 at work… The rest are all work safe.
Next question, how do I pry Avast Home loose from a file once it’s convinced it is a virus? I can’t send it to VirusTotal to be examined.
Suspicious generally means the detection was by a Heuristic scan/analysis rather than by a specific virus signature.
So these heuristics look at multiple things (don’t ask, they won’t say what they look at) to determine if a file is suspect, that might be the packing methods employed or trying to obfuscate code or in some way trying to hide its purpose or the purpose isn’t clear or what they consider suspect.
You can see what the ‘scanning engine signatures are’ in the VT results (however, that would have to be for a current scan, your VT link dates from Nov 8 2008 so these aren’t shown) and for the most part they are normally up to date.
I can only assume by not being able to upload to VT you mean because the file exceeds the 10MB upload limit?
Otherwise it should be uploaded, if not why not?
Once Avast detects a virus (or “virus” that ain’t actually there) and you tell it to not do anything instead of sending the file to the chest, Avast locks it down so all you can do with the file is delete it. You can’t open it, run it, move it, copy it or attach it to an e-mail.
How do I get Avast off the files without having to totally shut it down? As in “Ignore this file completely! Do NOT try to stop me from running it!”. That’s one more reason why I quit using AVG, its “ignore” button didn’t actually make it IGNORE anything. It insisted that one farbrausch demo was a virus, and Grisoft has no way for users of the free AVG to report when it’s being stupid.
That’d be useful both for forcing it to ignore definite false positives and for being able to send suspicious files to sites other than Avast for checking. When I extract these from the .rar, Avast jumps in yelling “GRENADE!” errr… “VIRUS!”. If they truly are nasties, I’m not going to run them, I just want 30+ more opinions from VirusTotal.
You aren’t telling it to do nothing, all that you are telling it to do is take none of the listed actions in the alert (No Action), that leaves the file in place but what it won’t let you do is to run a suspect/infected file no matter how many times you click No Action.
There is no single button that will exclude files from scanning, that is a decision taken by Alwil to avoid the accidental exclusion with the resultant potential for damage. You have to take deliberate action to exclude the file from scans (see below). That however, is avoiding the symptom (the alert) and not dealing with the problem (incorrect detection, when confirmed by VT, etc.). It should then be submitted to avast for analysis and correction of the VPS (assuming it is confirmed an FP), that helps all avast users.
Add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions (right click the avast ‘a’ icon)
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Re Uploading to VirusTotal without an alert.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.