Avast falsely detects a virus everytime I launch CUETools 2.1.4...

Avast Free Antivirus / Premium Security
1

http://oi60.tinypic.com/2irvofo.jpg

http://oi60.tinypic.com/2uh2z2g.jpg

http://cuetools.net/wiki/Main_Page
http://www.hydrogenaudio.org/forums/index.php?s=e5d958bd18a591812d655d6780220622&showtopic=66233

2

You can report a possible FP here: http://www.avast.com/contact-form.php

3

Please update your vps and scan again.
Definations 20140508-0 is not detecting anything harmfull on my system in Cuetools.

4

OMG! Seriously? Nothing on your system?
I just updated the virus definition and I’m still getting the virus notification when I try to launch CUETools…

http://oi57.tinypic.com/30tmemg.jpg

http://oi62.tinypic.com/68sei0.jpg

Running full scan now…

http://oi60.tinypic.com/10fazcl.jpg

The thing is, I formatted C:\ partition and reinstalled Windows 7 two days ago and I was still receiving the virus notification with just Avast, CUETools, and Windows Updates installed.

Also, every time its a different .dll file that is being flagged in my C:\Users\Admin\AppData\Local\Temp folder.

Help?

5

Okay I did another Full System Scan with these settings…and nothing.

http://oi57.tinypic.com/15d56o0.jpg

http://oi60.tinypic.com/10fazcl.jpg

So is there a virus on my PC or no? A Full system scan doesn’t detect a virus but each time I launch CUETools I get a virus notification.

Which should I trust?

6

Please submit the file for analyzing to avast.
http://www.avast.com/contact-form.php

It is suspicious that Google gives zero results for that file.

7

Dispatched…

8

Ok, now let us wait and see what they say about it.
Keep us informed please.

9

Win32:Evo-Gen [susp] = Suspicious
and only detected on access i think…

10

Having the exact same problem here. Scanned CUETools and got the same “No Threat” report, but when I try to run it, I get the same notices described above.

I reloaded CUETools and that didn’t make it go away.

Anyone know how to make this stop?

11

You can add the file to the exclusions by clicking the link

12

Glad to know someone else is ‘in the same boat’.

I do wonder if Avast can make this stop since it isn’t CUETools.exe that is being flagged but a different .dll file in a user’s Temp directory each time.
Perhaps Avast should give the user a chance to ‘Allow’ the offending file to load if Avast only suspects that it is virus infected…

13

That wouldn’t make sense.
You don’t want anything that is suspicious to be used.

Besides, avast already offers to exclude things.

14

I spent a lovely 5 minutes running Cue Tools over and over, and hitting the “exclude file” button for each .dll file it didn’t like… unfortunately, I ran out of patience before it ran out of dll’s.

Frustrating…

15

Hello

send the whole archive
only send only dll which is being detected
not will have same result.

send the file to virus@avast.com, put “False positive” to email subject.

16

Avast does not have a problem with CUETools version 2.15.
Although it says it it experimental/for testing, it seems to work just fine for me so I’ll be using this version.

17

It’s not one DLL file… it complains about a different file each time I try to run CueTools.

18

Hi all,
I think today I whitelisted some files that might have been this case, so I hope it is already resolved for you!
I just wanted to clarify a couple of things:

  1. If you submit a false positive, we need the file. That is why it is usually better to submit a ticket (https://support.avast.com/Tickets/Submit) or write to virus@avast.com with subject “false positive file”, as someone already suggested. It will help to include a virustotal report. Also, if we have the file (which is usually the case), also a sha256 hash could be enough, but really, the file itself is better:-)
  2. As Pondus said previously, Evo-gen technology really only flags the file on access (usually when it is executed). Not when it is moved, copied, or scanned on demand. This is intended behaviour and will not (99.9%) be changed in the future.
  3. The forum is a place where users can help users. It won’t do any harm to discuss it first here (of course!), but if you want some detection to be disabled - ie. you have evidence that the file is harmless (VT report, you are the creator of the file, major concensus in the forum) - you should use either mail or ticket as the forums aren’t read usually by vlab operators themselves, the demigods who have the power to disable detections (yayyy:-D).
    Any questions, feedback - let me know via PM!
    Honza