WoW was working fine this morning and now Avast is reporting a battle.net cache file as Malware/Gen32.
Pausing the Standard Shield solves the problem.
Tried to submit a false positive, but kept getting a message says “File is not packed”.
I have the same problem, although I am reluctant to pause the shield as I have been hacked before.
Avast please sort this out.
I had the same issue as well, but with the starcraft II game instead of warcraft. again it was a file in the battle.net cache. I talked to blizzard tech support and they said they were getting reports today from several avast users with this false positive. the file is used to authenticate with battle.net servers. here is the location of my file:
C:\ProgramData\Blizzard Entertainment\Battle.net\Cache\36\b2(really long filename with letters/numbers here).auth[UPX]
I stopped on-access protection and it works now, but I would rather not have to stop that while playing.
Same problem stopping “File System Shield” fixes problem temporarily, wow forums are lit up with the same issue, problem might affect thousands of ppl >.<
i like avast but ill have to get another antivirus if this isnt fixed within a day
Having the same issue with World of Warcraft. Turning off “File System Shield” allows me to login/play, but this is something I’d like to avoid. Did report as a false positive, is there a way to get this fixed sooner rather than later?
Not just the free version, Pro is doing it too so likely all Avast versions.
Get this sorted, Avast.
I’ve been working on it for the past hour and I think I’ve found a workaround.
If you open avast! and go down to Real-Time Shields, then select File System Shield and then click the Expert Settings button you’ll get a dialog box pop up. From there, select Exclusions and add a new exclusion to the list.
Personally I added:
C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\36*
As this only allows it to stop scanning where it thinks it has found the Win32:Malware-Gen, and it doesn’t require you to take down any of your protection.
I tried to log into World of Warcraft after this and didn’t get a single flag-up or error- my characters loaded straight away.
Hope this helps.
Moggie
For the moment, rather than turning off the “File System Shield” every time I’d like to launch WoW, I’ve made an exclusion for the directory in which the file getting flagged is located.
Open up your Avast! User Interface
Go to Real Time Shields
Go to File System Shield
Click Expert Settings
Go down to Exclusions
Add "C:\ProgramData\Blizzard Entertainment"
Click OK and launch WoW, should work fine.
(This worked on Windows 7, not sure how different the file directory is on XP or Vista)
Again this is just temporary while Avast! sorts out the problem, although I felt it would be better than turning off the File System Shield all together.
Beat me to it! Haha, cheers. 8)
Fix me 
Ive just found the exclusion fix and come here to post it but was beaten!
This is ridiculous, Id rather not have anything in the exclusions but if it sorts it out for now then fine.
Avast need to get on this soon as.
tnx blaineevans
Open up your Avast! User Interface
Go to Real Time Shields
Go to File System Shield
Click Expert Settings
Add "C:\ProgramData\Blizzard Entertainment"
Click OK and launch WoW, should work fine.
Same problem here. Using the Pro version 5.0.677
I’m having this exact same problem. I’m also on Windows XP, and I can’t find anything marked “Go to Real Time Shields” or “Expert Settings” to try and disable this. I found Exclusions, and added the Blizzard Entertainment folder, but I’m STILL getting the virus warning and unable to log in.
Avast, PLEASE fix this!!
Edit: Got in by disabling On-Access Protection just long enough to log in. I don’t like doing that, but again, please fix this ASAP.
- confirm detection.
- if confirmed as an FP, report it to avast, by sending the file for analysis.
####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
~~~~
That way it resolved the problem for all avast and wow users, rather than everyone having to take exclusion actions.
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (not just the folder as that leaves a large hole in your defences):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
You have to add a wildcard at the end of the path: C:\ProgramData\Blizzard Entertainment\Battle.net*
could this be anything to do with the daylight savings timechange in Australia overnight?
Im using 4.8 Pro, and I added: C:\ProgramData\Blizzard Entertainment\Battle.net* to the exclusions but I’m still getting the warning, im using Vista 64bit and I cant seem to find Real Time Shield or Expert Settings or anything remotely close, all I can do is click Settings and Exclusions.
I ran into this too, I upgraded to 5.0 added exclusion and im now g2g
Hello,
it will be fixed in next VPS, it will take around 1-2 hours to release next VPS.
Thanks for your patience.
Best regards
Jan Sirmer