I have Snadboy’s Revelation on my hd. I find it to be a very USEFUL program with all the passwords I use. Avast! keeps flagging it as potentially dangerous. I added the utility’s EXE to the Exclusions list and Avast! continued to flag it when booting. I removed the EXE from the list and added the folder in which the utility resides and Avast! continued to flag it when booting. I added the folder, the EXE and the DLL to the list and Avast! continues to flag it when booting. It’s finally reached the annoying stage.
I have other files in the Exclusion list that Avast! no longer flags but this one doesn’t seem to take. It did originally, but something has changed and it doesn’t work any more. Revelation hasn’t changed, moved or been updated in years. It hasn’t even been used in a while.
Avast! Home edition, 4.7.942. Windows XP Home. Everything current.
Exclusion list’s entry for the utility: E:\MY UTILS\SnadBoy’s Revelation v2*;E:\MY UTILS\SnadBoy’s Revelation v2\Revelation.exe;E:\MY UTILS\SnadBoy’s Revelation v2\RevelationHelper.dll
hmmmm could the " ’ " be confusing Avast!? Do I need to manually edit the INI? (the Exclusion option doesn’t have an Edit button)
First, note that there are two exclusions list in avast! - one for the on-demand scanners (Simple UI, Explorer Extension, …), and another one for the Standard Shield resident provider.
Now, what exactly do you mean by “avast! flags it when booting”? Do you mean when you start the application (maybe you have it started automatically when Windows start?), or do you rather refer to avast! boot-time scanner?
What exactly does avast! show in the virus message (the full detected path)?
As you can see the Revelations folder is there. The two partial entries seen below it are for the EXE and DLL files within the folder. There is no Edit button to prove the last two settings so you will have to take my word for them.
The Exclusions for the other files work fine. The top two have been sent in as false positives but will most likely never be removed from the list. They work now and will work if the patterns are updated so no need/desire to revisit them.
The small print says that the list you are updating affects all parts of avast except for resident protection. The list you are showing us is the one for the “on demand” scanner.
The exclusion list for resident protection “on access” scanner (the Standard Shield) is in the “Advanced” tab of the Standard Shield. The message you showed us says it is from the “On Access” scanner.
Well, I can imagine that MSAV.exe uses some uncrypted virus signatures (i.e. it might not be a “real” false positive). What is that Netscape Communicator file, however?
MSCONFIG doesn’t show everything… I suggest to try HijackThis or Autoruns.
Ed 972 Sign of "Win32:Dialer-647 [Trj]" has been found in "F:\Online Services\Netscape\Communicator\Program\browser-handle-shellexecute\[UPX]" file.
Ed 972 Sign of "Phoenix-800" has been found in "O:\WFWG (j)\System\DOS622\MSAV.EXE\[Exec]" file.
BTW I found NOTHING relating to Revelation starting at boot time. I used MSCONFIG, HiJackThis and the MS Autoruns. Does Avast! autoscan for files when booting under Windows?
By “autoscan for files” I was asking if Avast! scanned for a specific list of file names when it started but your answer indicates it doesn’t which in turn brings me back to what the heck is starting this pgm when I boot.
Do you have anything that displays the icon of the program on the desktop? If so, then it may be that the program is being accessed to retrieve the icon for display.