The avast! anti-virus on-access scanner keeps detecting a program and says it is a Trojan, which I know for a fact it’s not. The warning box says that it’s Win32:Spyware-gen [trj]. The program is called DShutdown. It automatically shuts down my computer at a set time or over the network. This is the first time that avast! has given me problems over it. I’ve had it for like 4 months now. I’ve tried to exclude it by going to the program settings and then exclusions and adding the path, but it still pops up. And whenever the scanner finds the program, it breaks it somehow, so when I try to run it an error message pops up that says: “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.” I didn’t click any of the courses of action like move/rename, delete, or move to the chest; all I do is click the no action button, but that still doesn’t stop it from breaking the program. Is there any way to stop avast! from detecting it? Thanks in advance for the answers.
P.S.:
I’ve attached a picture of both the avast! warning box and the error message if you want to look.
Confirm that it is an FP by further scanning.
- Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
You also need to add it to the on-access scanner (standard Shield, see the above link) exclusion, as that is what appears to be pinging it and it hasn’t broken it. Even if you select no action avast will not allow an infected/suspect file to run.
I tried to upload it to the on-line scanner, but just as I clicked on it to upload, avast! popped up and said the same stuff, and when I tried to upload the program it said that I didn’t have the permissions to open it. I created the folder and added it to the exclusions list, but it still popped up and kept me from moving the file. To exclude a program or folder you left-click on the avast! icon and select program settings, then go to the exclusions tab and add the file path, right? Or am I doing it wrong? It is the on-access scanner that’s triggering it, but how do I block it from the Standard Shield?
Which is why I suggested you create and exclude the suspect folder and the instruction was specifically for the standard shield and you haven’t placed it there (or it wouldn’t pop-up). You have used the Program Settings, Exclusions and I didn’t mention that in relation to the suspect folder. But it won’t hurt if you intend to leave the file there or it would be detected on an on-demand scan.
Oh okay, sorry, I don’t mess around with avast! much, so I didn’t know what you were talking about. Thanks for the pictures. I uploaded it to VirusTotal and attached the results as a picture.
I think the results are fairly clear because of what the file does, it could be used for good or evil (shutdown), so I would say avast could probably consider renaming this to something more appropriate. This one seems to be being caught by a generic signature (the -gen bit of the name), which I think is wrong, not that it shouldn’t be detected but it should be detected in its own right as a riskware tool.
With tools (riskware) avast has a [Tool] suffix that it normally adds to the end of the malware name, which would seem more appropriate for this detection.
So you should send a sample to avast for analysis as outlined in the link that I gave about reporting possible false positives, though this one is a tool and should be reported as such.
If you installed this and are aware of it and accept the risk as such, then you could exclude it from scans.
Okay thanks, I will do that.
No problem, glad I could help.
A belated welcome to the forums.