What would appear to be “false positive” - DISreboot.exe is found to be considered “Adware” by Avast on my last on demand scan.
Found Adware by Avast: c:\Program Files\Symantec\LiveUpdate\DISreboot.exe
VirusTotal.com results:
File DISreboot.exe received on 08.28.2008 00:21:04 (CET)
Current status: finished
Result: 7/36 (19.44%)
Jotti’s malware scan results:
Two out of twenty scans found the file to be malware. The two scanning programs that found the file were Avast and VBA32.
Result: 2/20 (10.00%)
I did what was recommended and moved the file to the “chest” but in order to run a test on the file using VirusTotal & Jotti I had to restore the file back from the chest.
It would look to me like a “false positive” based on the results and where the file is located.
I am inclined to leave the file alone and ignore the Avast recommendation now that I have restored the file.
At this point I have restored the file from the virus chest and added the file to the exclusions list for scans and emailed the zipped file w/ password to Alwil for verification.
Please advise if I have done anything wrong or should do anything in addition or differently than I have done.
Do you have Symantec products in your computer?
Parite virus is not common among the false positives… nowadays, avast detection rates are higher than the ‘big’ ones many times…
I might as well address the other posts on this topic…
for the following reasons:
VirusTotal scan had 80.66% of the virus scans consider the file to NOT be adware.
Jotti scan had 90% of the virus scans consider the file to NOT be adware.
I do have Symantec Live Update which is where the file is located.
The file that Avast considered Adware had a creation date of 6/16/04 which would make me think that the file has been on my system for some time and is a date that would make sense when I installed the Symantec program.
I have had Avast protection prior to the 6/16/04 creation date of the file. If the file is really “adware” how did it get there past Avast in the first place?
Avast has not found this file to be “adware” in the past even though it would appear to have been on my system for years.
Historically for me Avast has had a 75% rate of finding “false positives”.
I have had other program files that have been “false positives” that were functions of software I have on my computer i.e. Balloontip.pyd was a function of Clamwin and also had a PDF file that was considered a “virus” both of which I had been excluding on scans and then later removed from the exclusions file which Avast then no longer found them to be malware or viruses.
Assuming this file has been on my system prior to this it has never been found to be adware up until now and I make very few changes or updates or new installs because my computer is so old and has such limited resources.
Adware is “spyware” which is relatively new to Avast scanning.
But just to be safe as you suggest I have moved the file back to the chest as a precaution.
Thanks… I did… as I had posted (see below).
Thanks David… I did not find it on recent pages but have now done a search including the name of the adware file and found nothing other than my post.
In the past on other “false positive” i.e. Balloontip.pyd which I had emailed to Alwil like I did with this file I never did get a reply…
Does Alwil reply to emails sent about possible “false positives”…
As it is, it was just a matter of taking the Balloontip.pyd out of the exclusions and then putting it back in until eventually it was not considered a virus or malware on scans.
In this case I have moved the file to the virus chest where it will remain.
I really need to know if this file is really “malware” because it is in the chest.
Is there any way to find out when Alwil will change and take “false positives” out of the virus signature file so that it can be removed from the exclusions list or in this case restored from the chest?
You don’t normally get a reply unless they need more information. Periodically scan the copy in the chest (won’t work in original location if you have excluded it) and when it is no longer detected you can remove the exclusion.
Because it is a protected location you can’t scan from outside; as you have found, in Explorer all you will see are file names generated by avast, and the files are also encrypted. So you have to first open the chest, locate the file (it will be in the Infected Files section if detected by avast or User Files if you added it manually) and right click on it and select scan.
Or highlight the file and use the menu at the top of the window, File, then Scan; this is much slower, as having selected the file, right click is very quick.