Avast fake alarms are killing me :((

I have avast 4.8 Home Edition. I use a software called Bandwidth Controller Enterprise to take care of my internet speeds. I have been using this software for 1 1/2 years without any problem till today, when avast is detecting this as a trojan. This program is truly legit and working fine. I tried to restore to an earlier date, thinking that the file might have got infected, but still the same problem. So I'm stuck now, and now I have to keep my avast off to make the controller work.

8/25/2008 10:47:42 AM SYSTEM 376 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe” file.
8/25/2008 10:47:17 AM SYSTEM 376 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe” file.

Virus Database Version - 080825-0

avast doesn’t do fake alarms; what you are experiencing in your case is a possible false positive detection, which needs to be confirmed one way or another. You also don’t mention the malware name given to the detection?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Oops, David posted before…

As DavidR said before, this is most likely a false positive. Put the said file in a password-protected zip and send it to virus@avast.com with the subject "false positive", and put the password in the email.

Here’s the report

http://www.virustotal.com/analisis/08cce412cfc56cfad9455f8567c9a16b

That's a very popular program and I have been using it for a long time. So I find it strange that it's been detected as a virus.

Is there any setting in avast so that I can add that file as safe and tell avast not to interfere? Even if it's a virus I can live with it!

Read the information in the link I gave to a) report it and b) how to exclude.

Whilst there are a number of hits on the VT results, many are heuristic, which are prone to false detection. You also didn’t answer the question about what malware name avast gave it; this helps us to help you.

So the sample needs sending to avast for further analysis.

Hi David,

I’ve added the path c:\program files\bandwidth controller enterprise* to not be scanned and it worked. I had given information about the virus, maybe you missed it; anyway, here it is again:

8/25/2008 10:47:42 AM SYSTEM 376 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.
8/25/2008 10:47:17 AM SYSTEM 376 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Bandwidth Controller Enterprise1\Bandwidth Controller.exe" file.

And also I have emailed the file to avast.

Personally I would be more specific with the exclusion as it leaves a hole in your security by not excluding only the specific file.

Yes, I did miss the info. The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So that, added to most of the other detections being heuristic, means it is important to send the sample to avast for analysis. I would say it is most likely that the VPS signatures will be corrected (usually quickly when an FP is identified). Periodically scan the sample in the chest and, when it is no longer detected, remove the exclusions.

They’re not the same… Enterprise1

Yup, but I have given the correct one (with 1) in avast options, thanks for pointing that out though… bullseye!

Does Avast reply to your email when you send files to them? I am very curious to know their findings for obvious reasons: if it's a fake alarm, and even if it's not, then for the fact that I’m using this software for many months, why didn't avast pick it up earlier?

They don’t normally contact you unless they need more information (it isn’t a fake alarm, a term used for malicious software alerts). Periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location.

When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

David was faster and answered your question :wink: