Trojanhunter 5 been running fine for over a month on a new Dell XPS M2010 running Windows Ultimate 32-bit, 4GB RAM. Avast update 071220-0 a few hours ago, and all of a sudden Avast warns that there is a trojan - Win32:Delf-HGG in trojanhunter.exe.
Well, I didn’t believe it but quarantined it anyway.
Removed Trojanhunter and when I went to download a new copy Avast said that the download site had the Trojan too.
Can this be right? ??? Shome mishtake shurely? Am contacting Trojanhunter too.
Thanks
It may be a false positive to confirm.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
- Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here. If any are detected by multiple scanners send example to avast, see below.
If it is indeed a false positive, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Thanks DavidR,
Trojanhunter assure me it’s a false positive (as I suspected). Avast haven’t commented thus far. So it’s back out of quarantine, well re-installed after unloading Avast for the process and all running smoothly again. I’ve run scans, av, trojan and spyware so breathing deeply again.
Thanks for those ideas and resources, much appreciated.
Regards
No problem, welcome to the forums.
You shouldn’t have to reinstall or uninstall avast. Add the path and file name to the exclusions list as I mentioned above and Restore the file from the chest and you should be back to normal.
Sorry, I wasn’t clear, I didn’t uninstall and reinstall Avast! I just unloaded it, i.e. shut it down for the installation of Trojanhunter. Now everything is working as it should be (very strange).
Obviously the exclusions route is one to consider should this occur again.
Once again thanks for your help. ;D
Not so strange if it were a false positive and reported by others (trojanhunter is I guess reasonably popular) then avast will most likely have corrected it. They are usually quck in correction if a file is reported as a possible false positive.
I would say that you should take action to first confirm the detection, then exclude if required and finally send the sample to avast, so that the correction can be applied for others possibly effected.
Your welcome.
I also got a false positive (incorrect detection) by Avast…
I also got a false positive (incorrect detection) by Avast… Have tried to make it an exclusion in the settings of Avast but that did not work… Both the file and even the entire Trojan Hunter folder… Avast will not even allow me to restore the file TrojanHunterSetup.exe… Sent an email to Kagi Support Group ( Trojan Hunter ) their reply was "contact Avast to get them to fix it " Would it be possible for Avast to be infected or have a problem?
There are 2 Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.
Which did you exactly add to the exclusion list?
First I exclude just TrojanHunterSetup.exe, this did not work so I exclude C:\Program Files\TrojanHunter 5.0*
Did you boot after that? It should work…
Just tried the reboot… Same result… Also I noticed that the Temp File name changes:
C:\Program Files\TrojanHunter 5.0\is-JMAMB.tmp
C:\Program Files\TrojanHunter 5.0\is-CL86S.tmp
C:\Program Files\TrojanHunter 5.0\is-33T4N.tmp
THis happends each time I try to install…
Maybe you could try the short path, something like:
C:\Progra~1\Trojan~1*.*
Tried the short path: C:\Progra~1\Trojan~1*.*
with reboot… Even put the TrojanHunterSetup (exe ) in C:\Program Files\TrojanHunter 5.0.…
I have tried running this in both safe mode and under administrator…
Uninstalled both Trojan Hunter and Avast… Cleaned registry with Tune Up Utilities 2008… Deleted both remaining folders… Rebooted… Installed Trojan Hunter under Administrator, updated it, ran a scan, no problems… rebooted… Installed Avast under Administrator, updated it, ran a scan, found WIN32.delf-HHG (2) in recycle bin, $RG32EN5.TMP & $RVJ37PB.EXE (1) in Mozilla\Profiles\default\username.slt\Cache, not sure why it showed up there, (1) in Administrator\Downloads, TrojanHunterSetup.exe … They both seem to be getting along with each other… Thanks for all your help…
Sorry to be seen this… the exclusion lists does not seem to be working ???
Also, it would be good if Alwil team correct the false positive.
I don’t think the exclusion list isn’t working.
A screenshot of the (original) virus warning might help - the best thing to do is copy&paste the path from that warning window - because that’s the path used to access the file (so this path should be used in the exclusion list).