This morning I got an Avast alert concerning the Tienke sit and now, I got another avast alert concerning the subject file(avmanagerunified.dll). I have checked the .dll file and apparently it is a false positive, but I don’t want to do anything yet.
This is the first time I have gotten any alerts from Avast in years.
Has anyone else gotten this?
By the way Pondus I will alert the Tienke site. Thank you.
RoRo
What scan were you doing on this detection, on-demand, Quick/Full/Custom or on-access ?
Where is this detection found ?
Given the name of this file I suspect that is contains unencrypted virus signatures (and why it was detected), so what program is it associated with ?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
DavidR
I wasn’t doing a scan. Avast came up with this when I restarted. It did ask if I thought it was a false positive, but I didn’t know much about it at the time.
I did check it out on the web and got an answer that it probalby was a false positive, so I am interested in whether anyone else had the same warning.
I will do the other things that you suggested in the morning.
RoRo
I believe there may be one other topic about this, but doesn’t change what needs to be done, a) confirm or deny the detection via virustotal, b) if a possible false positive (as outlined below) then c) send the sample to avast as a false positive.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
David,
It was associated with Pure Networks/shared/platform. I have had this program for quite a while and it seems to be working correctly. I just scanned it in my Virus Chest and Avast said it was no virus. Does that mean they have changed their definitions to eliminate it, and I can use it?
Or do I still have to send it to Virus Total?
RoRo
Most likely the Avast definitions were updated and this was a FP, but to play it safe, leave it in the Chest for now.
Since you didn’t do a scan and Avast put this there on it’s own, it can’t hurt to run a Full scan. You can always restore items from the Chest if they come out clean. If you have an on-demand scanner like MBAM (update the definitions first), you can also use this as well if your in the paranoid mood and want to play it safe as well.
I just scanned it in my Virus Chest and Avast said it was no virus. Does that mean they have changed their definitions to eliminate it, and I can use it?Hi roro, The false positive has been corrected and it's save to restore. (Actually, it was never dangerous to start with. :) )
Thanks Safesurf and Bob,
I am running scans now. It was time to do that anyway. Then I will restore the file if necessary.
RoRo ;D ;D
That is why it is important not to delete and send to the chest, but it is important to crack on and check out detections at VT (especially if for applications you have had for a while) and confirm or deny. Then submit to avast for analysis and VPS signature correction.
Obviously some others have beaten you to the punch and submitted the file to avast for analysis, so no need to repeat work already done.
~~~
Running a scan outside the chest would find nothing (inside the chest), so scan the file within the chest and if clean, restore. Then you can proceed with your routine scans and that shouldn’t detect it again.
Thanks again David.
I ran two complete scans (Avast and MBAM) and they found nothing. Now at least I know how to send viruses to Virustotal if necessary.
RoRo ;D
I’m glad everything worked out fine for you. 
Now that your issue is resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. Thank you.
You’re welcome.
I thought you already knew, since you had been on the forums for a while ;D