Avast blocks a safe exe file without any notification.

https://www.dropbox.com/home/Matthew’s%20folder?preview=folder.zip#
In my Windows 10 Version 1511 64-bit, Avast blocks chkunin-x64-ANSI without any notification, but nothing is detected if a manual scan is run. Why?

chkunin-x64-ANSI is an exe file in Primo, which was described below.
http://www.portablefreeware.com/forums/viewtopic.php?p=72896

You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Can that count as false positive? The file was blocked silently but not removed, and nothing was detected when a manual scan was run.

The guys from the viruslab have to answer it.

Hello,

can you send us this file in password protected archive please? The dropbox folder doesn’t exists

http://www.mediafire.com/download/a182pcofetzf464/folder.zip
The password is virus
The name of the blocked file is chkunin-x64-ANSI, which cannot be run without another file ‘regshot’, which is also in the above zip file.

The following screenshot shows the result of a manual scan.

The archive is damaged.

And Sirmer did ask to SENT it to them, not to post a link to it here.

I have just replied to Prokop Kalivoda, Avast Technical Support Specialist, by email, to which the blocked file in question has been attached.

https://www.virustotal.com/en/file/ed5fa063dcb9d602296d62828326dc7c0f1351512c1dc8558c3ba1aa66eb43ea/analysis/1450712207/

https://www.virustotal.com/en/file/ce0e543dbe14759282cf769fa24dd6d2b12cc85af328d49197ffa40982337a33/analysis/1450712220/

If Avast considers it a threat, it should be removed with a notification instead of being blocked silently.
When I failed to run the exe file, I thought it was incompatible with Windows 10 and thus contacted the author, who then told me there was nothing wrong with it and the problem might have to do my antivirus.

Check the avast log files and see if anything about it is mentioned in one (or more) of them.

And do not just trust a author.
A author of malware will also tell you there is nothing wrong with it :wink:

Avast did not block it in the past but blocks it at present. If it was malware, Avast should have removed it long ago. I have long been using it, and Avast did not block it until recently.

To Eddy: Where are the log files?

To Pondus: Did you download the zip file from Dropbox or MediaFire?

An Avast Technical Support Specialist just told me by email that s/he was escalating the ticket to the Virus Lab to analyse the problem.

To Pondus: Did you download the zip file from Dropbox or MediaFire?
Mediafire

message from F-Secure lab

The file you sent was found to be malicious.

We will be detecting the sample you submitted as Trojan.Agent.BPHB in the next database update.

https://www.virustotal.com/en/file/ed5fa063dcb9d602296d62828326dc7c0f1351512c1dc8558c3ba1aa66eb43ea/analysis/1450733696/

Avast database had also been updated because the file was removed with a notification when I tried to run it a few minutes ago.

I wonder why a few days ago there was no notification when Avast blocked it. Avast should notify the user no matter whether a file is blocked or removed.

What’s most important is that Avast kept your system safe. :slight_smile:

Users should be notified of what has happened; that’s also important.