Avast detects Truecrypt.exe (Version 6.0a) as a virus

Viruses and worms
1

After updating Avast with the newest build (4.8.1290) and the VPS release dated 11-25-2008, Version 081125-0, the scanner identifies my truecrypt installation (6.0a) as “Win32:Swizzor-N” virus.

A cross check with other scanners was negative. No other scanner identified truecrypt as a virus.

Regards

Reiner

2

Can you please submit it as a false positive?
Thanks.

3

Could you just tell me quickly how to do this?

Thanks

Reiner

4

If you have the latest version of avast!, you should have a “Report as false positive” link in the bottom right corner of the virus warning window.
Or, you can send the file by e-mail to virus@avast.com, preferably in a password-protected ZIP or RAR (together with the password).

5

Just tried to submit via the virus warning window.

Now avast tries to send the file every time I click on update! Should this not stop after the update?

6

“Tries”?
It should be sent once, and deleted (from the submission queue/folder)…
If it’s not the case, can you please post a end (last page, let’s say) from \Setup\Setup.log file? There should be something about the submission there…
Thanks.

7

After a reboot, the transmission is not happening any longer.
But the setup.log file shows that only a fraction of the file (approx. 1.16 MB size) was transmitted.

I have a lot of lines similar to the following (for every click on update):
22:35:45 min/int submit POST(http://download0.avast.com/cgi-bin/iavsup2.cgi?len=0012B77C;id=27F4538CD47C739F0FCC678FC508277CD538D5E087ADB212EF2650640A7FAC70;type=fp) returned 0x20000004, server reply 0
22:35:45 nrm/pkg Submit: files 1, bytes 417792, time 1422 ms
22:35:45 nrm/pkg Submit success: files 0, bytes 0, time 0 ms

I guess the file was not transfered.

8

I sent the file in ZIP with the password in the email

9

Just an off-topic… Truecrypt last version is 6.1 http://www.truecrypt.org/

10

I just got the Swizzor Trojan warning too with Truecrypt 6.1a [after receiving the new Avast engine update].

11

I also get the same error with the 11/25/08 081125-1 version of avast virus definitions. This is obviously a false positive as I have been using this version of TrueCrypt (5.1a) with avast for months now without any problems, and I also use this version of TrueCrypt on another computer with a different antivirus software (Avira AntiVir) installed without it reporting this as a virus.

Right now, I have to disable avast to properly use TrueCrypt.

12

Just exclude the truecrypt directory from scanning and wait until a fix from avast is available. You don’t need to disable avast entirely.

13

You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.