Avast falsely detects a virus everytime I launch CUETools 2.1.4...

system · 2014-05-08T11:32:02.000Z

Asyn · 2014-05-08T11:35:13.000Z

You can report a possible FP here: http://www.avast.com/contact-form.php

Eddy · 2014-05-08T11:41:06.000Z

Please update your vps and scan again.
Definations 20140508-0 is not detecting anything harmfull on my system in Cuetools.

system · 2014-05-08T12:01:36.000Z

Eddy post:3:

Please update your vps and scan again.
Definations 20140508-0 is not detecting anything harmfull on my system in Cuetools.

OMG! Seriously? Nothing on your system?
I just updated the virus definition and I’m still getting the virus notification when I try to launch CUETools…

http://oi57.tinypic.com/30tmemg.jpg

http://oi62.tinypic.com/68sei0.jpg

Running full scan now…

http://oi60.tinypic.com/10fazcl.jpg

The thing is, I formatted C:\ partition and reinstalled Windows 7 two days ago and I was still receiving the virus notification with just Avast, CUETools, and Windows Updates installed.

Also, every time its a different .dll file that is being flagged in my C:\Users\Admin\AppData\Local\Temp folder.

Help?

system · 2014-05-08T12:33:25.000Z

Okay I did another Full System Scan with these settings…and nothing.

http://oi57.tinypic.com/15d56o0.jpg

http://oi60.tinypic.com/10fazcl.jpg

So is there a virus on my PC or no? A Full system scan doesn’t detect a virus but each time I launch CUETools I get a virus notification.

Which should I trust?

Eddy · 2014-05-08T12:45:03.000Z

Please submit the file for analyzing to avast.
http://www.avast.com/contact-form.php

It is suspicious that Google gives zero results for that file.

system · 2014-05-08T13:50:15.000Z

Eddy post:6:

Please submit the file for analyzing to avast.
http://www.avast.com/contact-form.php

It is suspicious that Google gives zero results for that file.

Dispatched…

Eddy · 2014-05-08T14:39:10.000Z

Ok, now let us wait and see what they say about it.
Keep us informed please.

Pondus · 2014-05-08T15:16:41.000Z

Win32:Evo-Gen [susp] = Suspicious
and only detected on access i think…

system · 2014-05-09T03:14:04.000Z

Having the exact same problem here. Scanned CUETools and got the same “No Threat” report, but when I try to run it, I get the same notices described above.

I reloaded CUETools and that didn’t make it go away.

Anyone know how to make this stop?

essexboy · 2014-05-09T12:50:03.000Z

You can add the file to the exclusions by clicking the link

system · 2014-05-11T13:08:56.000Z

flibby post:10:

Having the exact same problem here. Scanned CUETools and got the same “No Threat” report, but when I try to run it, I get the same notices described above.

I reloaded CUETools and that didn’t make it go away.

Anyone know how to make this stop?

Glad to know someone else is ‘in the same boat’.

I do wonder if Avast can make this stop since it isn’t CUETools.exe that is being flagged but a different .dll file in a user’s Temp directory each time.
Perhaps Avast should give the user a chance to ‘Allow’ the offending file to load if Avast only suspects that it is virus infected…

Eddy · 2014-05-11T13:36:37.000Z

That wouldn’t make sense.
You don’t want anything that is suspicious to be used.

Besides, avast already offers to exclude things.

system · 2014-05-11T21:47:37.000Z

I spent a lovely 5 minutes running Cue Tools over and over, and hitting the “exclude file” button for each .dll file it didn’t like… unfortunately, I ran out of patience before it ran out of dll’s.

Frustrating…

jeffersonsant · 2014-05-11T21:58:03.000Z

flibby post:14:

I spent a lovely 5 minutes running Cue Tools over and over, and hitting the “exclude file” button for each .dll file it didn’t like… unfortunately, I ran out of patience before it ran out of dll’s.

Frustrating…

Hello

send the whole archive
only send only dll which is being detected
not will have same result.

send the file to virus@avast.com, put “False positive” to email subject.

system · 2014-05-13T09:45:59.000Z

flibby post:14:

I spent a lovely 5 minutes running Cue Tools over and over, and hitting the “exclude file” button for each .dll file it didn’t like… unfortunately, I ran out of patience before it ran out of dll’s.

Frustrating…

Avast does not have a problem with CUETools version 2.15.
Although it says it it experimental/for testing, it seems to work just fine for me so I’ll be using this version.

system · 2014-05-20T04:47:06.000Z

It’s not one DLL file… it complains about a different file each time I try to run CueTools.

HonzaZ · 2014-05-20T22:12:32.000Z

Hi all,
I think today I whitelisted some files that might have been this case, so I hope it is already resolved for you!
I just wanted to clarify a couple of things:

If you submit a false positive, we need the file. That is why it is usually better to submit a ticket (https://support.avast.com/Tickets/Submit) or write to virus@avast.com with subject “false positive file”, as someone already suggested. It will help to include a virustotal report. Also, if we have the file (which is usually the case), also a sha256 hash could be enough, but really, the file itself is better:-)
As Pondus said previously, Evo-gen technology really only flags the file on access (usually when it is executed). Not when it is moved, copied, or scanned on demand. This is intended behaviour and will not (99.9%) be changed in the future.
The forum is a place where users can help users. It won’t do any harm to discuss it first here (of course!), but if you want some detection to be disabled - ie. you have evidence that the file is harmless (VT report, you are the creator of the file, major concensus in the forum) - you should use either mail or ticket as the forums aren’t read usually by vlab operators themselves, the demigods who have the power to disable detections (yayyy:-D).
Any questions, feedback - let me know via PM!
Honza

Announcements