Attached message appears on each boot. Have done two boot scans - clean except for the files it couldn’t access. The program also found a rootkit which I told it to ignore - it’s a legit program, Magic Folders. Any suggestions?
Thanks.
Edit - Prior to installing Avast!, I uninstalled AVG 7.5 AV.
Win XP SP2
Spyware Terminator running real time
v. 4.8.1169
defs: 080503-0
Win firewall - no other
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Other possibility is JOTTI. VirusTotal and Jotti both have file size limit of 10Mb.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
I’ve forgot…
The virus messages about rootkits are about to be changed in the latest avast version. Some of them have already been changed in the beta. I’m not sure this is not a case of non-exact virus warning.
Tech - I do not get a file identified, all I get is the non-specific popup shown in my original post. All scans have come up clean. As I mentioned, Avast! did find a “rootkit” which I told it to ignore.
The virus warning pops up about 1 - 2 minutes after a boot. Could it be that the notification is after the rootkit scan and the program fails to read that I chose to “ignore” the file?
I’ll disable the rootkit scan on startup and see what happens.
@spiritsongs: Thanks for the reply. AVG 7.5 had an uninstall routine and I used that prior to installing Avast! I’ve also uninstalled Avast! using aswclear.exe (v 1.0.0.1) in Safe Mode and re-installed.
The program seems to work normally except for the popup a couple minutes after boot.
OK - It is as I thought. I uninstalled Magic Folders (the program Avast! identified as a rootkit) and no warning from Avast! on boot. I re-installed Magic Folders and the popup warning re-appeared.
Now - how do I notify Avast! personnel about this situation?
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Other possibility is JOTTI. VirusTotal and Jotti both have file size limit of 10Mb.
As I’ve said before, as a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
@Tech: Thanks. The problem is that I don’t know the particular file that Avast! objects to because I told it to ignore the file. Every rootkit detector I’ve run has objected to this file but it is legit.
Magic Folders is a security program and I’m sure hooks into the OS in a way that looks like a rootkit.
I’ll attempt to contact the program developer and have him contact Avast! Those two entities have to work it out.
I have been in touch with the creator of Magic Folders which Avast! misidentifies as a rootkit. Even though I told Avast! to “ignore” the first time it warned me, I get the bogus warning shown above on each boot.
The creator of Magic Folders says, “They don’t listen to me. Perhaps they would listen to a customer…”
This is a nettlesome (albeit, not widespread, perhaps) problem. I have the contact info for the programmer for Magic Folders. Can anyone tell me how to pass it on to the developers at Avast!?