I have avast 4.8 Home Edition. I use a software called Bandwidth Controller Enterprise to take care of my internet speeds. I have been using this software for 1 1/2 years without any problem till today, when avast is detecting this as a trojan. This program is truly legit and working fine. I tried to restore to an earlier date thinking that the file might have got infected, but still the same problem. So I'm stuck now, and I have to keep my avast off to make the controller work.
8/25/2008 10:47:42 AM SYSTEM 376 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe” file.
8/25/2008 10:47:17 AM SYSTEM 376 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe” file.
avast doesn’t do fake alarms, what you are experiencing in your case is a possible false positive detection, which needs to be confirmed one way or another. You also don’t mention the malware name given to the detection?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
As DavidR said before, this is most likely a false positive. Put the said file in a password protected zip to virus@avast.com with the subject false positive and put the password in the email.
Read the information in the link I gave to a) report it and b) how to exclude.
Whilst there are a number of hits on the VT results, many are heuristic which are prone to false detection. You also didn’t answer the question about what malware name avast gave it, this helps us to help you.
So the sample needs sending to avast for further analysis.
I’ve added the path c:\program files\bandwidth controller enterprise* to not be scanned and it worked. I had given information about the virus, maybe you missed it, anyways here it is again
8/25/2008 10:47:42 AM SYSTEM 376 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.
8/25/2008 10:47:17 AM SYSTEM 376 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.
Personally I would be more specific with the exclusion as it leaves a hole in your security by not excluding only the specific file.
Yes I did miss the info. The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
So that added to most of the other detections being heuristic, it is important to send the sample to avast for analysis. I would say it is most likely that the VPS signatures will be corrected (usually quickly when an FP is identified); periodically scan the sample in the chest and when it is no longer detected remove the exclusions.
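The point about exclusion scope made above, as an added example that is not part of the original thread: it parses the alert line quoted in the thread and compares how many files the wildcard exclusion exempts from scanning versus an exact-file exclusion. The wildcard semantics (`*` matches any run of characters, case-insensitive) are an assumption about avast's matching, and every path except the flagged one is constructed sample data.

```python
import re
from fnmatch import fnmatchcase

# Alert line layout as quoted in the thread: date, time, account, a number
# (meaning not stated in the thread), then the signature name and file path.
ALERT_RE = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<account>\S+) '
    r'(?P<num>\d+) Sign of ["“](?P<name>[^"”]+)["”] has been found in '
    r'["“](?P<path>[^"”]+)["”] file\.$')

ALERT = ('8/25/2008 10:47:42 AM SYSTEM 376 Sign of "Win32:Trojan-gen {Other}" has been '
         r'found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.')

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def is_generic(name):
    """The thread notes that a trailing -gen marks a generic signature."""
    return name.split()[0].lower().endswith("-gen")

def is_excluded(path, pattern):
    # Assumption: '*' matches any run of characters and matching ignores case.
    return fnmatchcase(path.lower(), pattern.lower())

def collateral(pattern, detected, paths):
    """Paths the exclusion exempts from scanning besides the detected file."""
    return [p for p in paths if p != detected and is_excluded(p, pattern)]

# Constructed file list: only the first path comes from the thread.
FILES = [
    r"C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe",
    r"C:\Program Files\Bandwidth Controller Enterprise1\plugin.dll",
    r"C:\Program Files\Bandwidth Controller Enterprise Old\setup.exe",
    r"C:\Program Files\Other App\app.exe",
]
BROAD = r"c:\program files\bandwidth controller enterprise*"  # as posted in the thread
EXACT = FILES[0]                                              # only the flagged file

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(alert["name"], "generic:", is_generic(alert["name"]))
    for label, pat in (("broad", BROAD), ("exact", EXACT)):
        print(label, "also exempts:", collateral(pat, alert["path"], FILES))
```
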
Yup, but I have given the correct one (with 1) in avast options, thanks for pointing that out though… bull's-eye!
Does Avast reply to your email when you send files to them? I am very curious to know their findings for obvious reasons: if it's a fake alarm, and even if it's not, then for the fact that I’m using this software for many months, why didn't avast pick it up earlier.
They don’t normally contact you unless they need more information (it isn’t a fake alarm, a term used for malicious software alerts), periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location.
When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.