Avast reports non-existing worm

I have recently installed a HardSID Quatro url=http://www.hardsid.com[/url] pci-card in my PC. Now, Avast reports a W32:Toal worm in one of the setup files (HSMIDISetup.exe) in the software package for this card. Several people have scanned their files with different anitvirus softwares and no other software reports this worm to be present. If you cjeck the info for the W32:Toal worm you’ll also see that this would be a very unusual way to infect a computer with this particual worm…

Now, my problem is, that in order to use my HardSID card I have to turn Avast On-Access protection completely off… Its anoying since windows constantly reminds me that my anti virus software is turned off. Naturally I do not want to change anti virus software since I really like Avast - but they have to do something about this…

If you at least could turn On-Access protection off for certain folders or files it would be great, but ofcourse the feature of turning virus protection of is for all other functions of avast except On-Access protection.

Until Avast fixes this I will be more exposed to viruses than I would like…

Anyone else that has experienced something similar? And how long did it take for Avast to act? I contacted them last week but havn’t heard anything yet…

You can do that. Select Standard Shield and then Customize… button and select Exclusions tab, Then just enter folder you want to exclude.
For On-Demand scan you have to separately set the same exclusions if you want…

THANKS!!! :smiley:

Hi bitbob,

To be completely safe against this Bin Laden worm, which can circumevent XP with SP2 even, get this patch just in case:
http://www.microsoft.com/technet/security/bulletin/MS01-027.mspx

greets,

polonus

Hello

I have exactly the same problem, could you fix that in a later version ?

I tried to exclude the directory and the file like RejZor say, but it doesn’t work for me. When i try to launch the exe, Avast force me to Erase/Quarantine/Stop.

Please do something i can’t use my soft !

Exactly the same, you resurrected a topic over 18 months old if this were a false positive detection I would have expected it to have been corrected or that hardware to have had a software upgrade by now.

What is the file name and location of the file being detected ?
What exactly are you entering in the Standard Shield, Customize, Advanced, Add area (that is were you are adding it) ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

Let is know the results.

a topic over 18 months old if this were a false positive detection I would have expected it to have been corrected or that hardware to have had a software upgrade by now

Me too :slight_smile:

There is the result :

AntiVir 7.3.1.34 02.08.2007 no virus found Authentium 4.93.8 02.07.2007 no virus found [b]Avast 4.7.936.0 02.08.2007 Win32:Toal[/b] AVG 386 02.08.2007 no virus found BitDefender 7.2 02.08.2007 no virus found CAT-QuickHeal 9.00 02.08.2007 no virus found ClamAV devel-20060426 02.08.2007 no virus found DrWeb 4.33 02.08.2007 no virus found eSafe 7.0.14.0 02.08.2007 no virus found eTrust-InoculateIT 30.4.3378 02.08.2007 no virus found eTrust-Vet 30.4.3378 02.08.2007 no virus found Ewido 4.0 02.08.2007 no virus found Fortinet 2.85.0.0 02.08.2007 no virus found F-Prot 4.2.1.29 02.07.2007 no virus found F-Secure 6.70.13030.0 02.08.2007 no virus found Ikarus T3.1.0.31 02.08.2007 no virus found Kaspersky 4.0.2.24 02.08.2007 no virus found McAfee 4959 02.08.2007 no virus found Microsoft 1.2101 02.08.2007 no virus found NOD32v2 2046 02.08.2007 no virus found Norman 5.80.02 02.08.2007 no virus found Panda 9.0.0.4 02.08.2007 no virus found

And this is the link to the archive (the exe is Hardsidmidi)

http://www.hardsid.com/modules.php?name=Downloads&d_op=getit&lid=4

EDIT : I’m sorry your tips is working ! I was on exclusion before looking on Add Area

Thanks :slight_smile:

But i don’t understand why Avast is the only one to detect a virus here.

But i don't understand why Avast is the only one to detect a virus here.
I don't either but signatures can get confused where a string might match but not be malicious, this does on occasion happen after a large signature update.

The important thing is to send a sample to avast so it can be freshly analysed and corrected.
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

You can read the false positive link above if need be.

It is probably best to remove or edit the link so it isn’t active whilst it is currently detected and just send the exe file sample, e.g. http :// www . hardsid.com/modules.php?name=Downloads&d_op=getit&lid=4