Yes nothing found with DrWeb check, you could pause web shield to download it. There shouldn’t be a risk as the file is in an archive
Perhaps you can send a sample, zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a or false positive and include the password in the body of the email. Some info on the avast version and VPS number will also help.
Follow-up:
I have downloaded the zip file and extracted the EvID4226Patch.exea and uploaded it to Jotti where only avast and one other detected anything the other AV detected EvID so presumably this signature is to take care of this patch.
Well, NOD32 detects it too for sure.
Don’t rely on Jotti too much since it’s using Linux scanners which are often limited more than their Windows counterpart.
Your right about the Linux scanners RejZoR, VirusTotal finds many more hits, however of the additional hits 4 mention EvID in the virus name so they would appear to recognise it as the patch.
Yes, it’s just a patch but may also be a mean for a mass mail worm to patch remote systems with it, thus it’s classified as riskware.
I’d just ask Alwil guys to name it properly with [not-a-virus] tag.
It’s basically just riskware like mIRC…
This has now been corrected with the 0614-1 VPS update, very quick correction. Although, not as RejZoR suggested to detect it as the patch and rename the detection, it is no longer detected.
Well as it is with these things, tools and patches. If you installed it yourself, you know what it can do and you are not at danger. If it is installed through a third party, and you do not know the functionality, it is a bit different.
About this patcher:
Some AntiVir Software vendors added the patcher into their virus-definitions. The patcher is often detected as ‘Tool/EvID’. But as a first info:
The patcher ist NO VIRUS.
Some virus and trojanwriter uses the same technique to increase the limit. After that its easier for them to spread to other computers in the internet. This runs without knowledge of the user. So he is not informed about what’s going on.
With the patcher here, every user can decide on his own if he wants to change the file and if yes how high the limit should be. Also the user will be warned if he chooses to high limits, as already infected machines will spread existent viruses and trojans easier to the net. So everybody can choose on its own and is not forced to. The patcher itself does not contain malware.
The virus-notification therefore should be seen as an information that this program contains the functionality to increase the limit. If that program is not known or has not been installed you can delete it.
I hope I have answered some questions.
Problem is solved in the new VPS. EvID4226Patch223d-en.zip is clean again with 0614-1
Anyway, users could know that there are two exclusion lists: one in program settings, for the on-demand scanning.
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demmand scanning):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
