I have been using Avast Home version, and Newsleecher 3.0 for a couple of years. Newsleecher has not changed… I prefer it to the later releases from Newsleecher.
About a week ago, Avast Home version (latest revision an AVS up to date) is preventing Newsleecher from running, saying it has a trojan in it. I have to disable the standard shield for it to run.
I had AVAST resident scanner scan the actual file from the file manager right click menu, and it shows the file to be fine, no alarms.
I have included the path and file name in both the resident, and the Standard shield exclusion lists in the following format:
c:\newsleecher30\newsleecher.exe This is the path for the actual file on my machine.
I also put additional entries in the standard shield list, c:\newsleecher30* and newsleecher.exe, as well as newsleecher.* on separate lines, but the problem persists.
I uninstalled AVAST, and then downloaded the latest version and reinsalled, and still no joy.
Any suggestions as to how to get back to where I was a week ago, when everything worked?
Those exclusions will do nothing as a) I assume it isn’t being detected as infected.
The newsleacher swamps the connections limit of avast and even though you don’t give the exact error this is what I suspect. I guess you are using the super search function of newsleacher ?
The supersearch uses a protocol other than NNTP on port 119 and that is a problem for the mail scanner. The workaround is the option “Use alt. supersearch port” in NewsLeecher options or to put the address 70.86.176.98 to the Internet Mail’s ignored addresses.
I hope the above makes sence to you as I don’t use newsleacher.
This has been an interesting process. If a trojan does actually exist, as shown by 9 of 37 scanners, why is it not being picked up by all? Is this a new definition in Avast in the last week or so? I have never heard of several of the AV products that “found” this trojan, and am quite surprised that NONE of the heavy weights detect it.
I suppose the next question is to decide whether or not this is a false positive.
I still do not understand why the Exclusion lists in Avast will not override the detection. It is on both lists with a few variations on the Standard Shield list to make sure the syntax is covered off.
c:\newsleecher30\newsleecher.exe I have already pasted this complete path info into both exclusion lists.
The screen popup says something to the effect that Access to this file or folder is denied and the yellow and red popup near the system tray message says more or less c:\newsleecher30\newsleecher.exe Win32:Trojan-gen {Other}. (Im at work right now, so I don’t have my computer handy.
I run the same version of newsleecher on this machine at work and no problems.
Did you copy this path from the virus dialog itself?
If the path you put into the Standard Shield exclusion list is the same as the one shown in the virus warning (i.e. it’s not like one of them is a long path and the other one short variant), then the exclusion list should certainly work.
Yes, what appears in the exclusion lists is identical to what came up in the Virus alert dialog box, except i did not include “contains a sample of …” text.
I agree that it should work, but it does not work. As mentioned earlier, I have also included shorter varients on separate lines of the exclusion lists one as newsleecher.exe, and one as newsleecher.* Still no joy.
There’s no “contains a sample of” text in the virus alert dialog - it’s only in the notification above the tray. You can copy&paste the text from the alert dialog.
I didn’t mean wildcards by the short variants, but rather things like C:\newsle~1 etc.
The Windows Event list under Antivirus shows the “contains a sample of” text string. I refered to that since it usually shows the message that was displayed in the standard windows grey popup dialog box.
No short variants are being used (as per your example) I entered the complete text as shows in the previous messages in this thread
Oh, we see… Windows Events.
Maybe into avast Log viewer, Notice section, could have more info about it.
Are you sure the file is clean? (www.virustotal.com).
Please see the previous messages in this thread. Your question has been answered already. Virustotal.com shows 9 AV products detecting a trojan, out of 36 or however many there are… All the ones that suggest there is a problem are smaller or unknown AV products except for Avast. All the major and respected products show it to be clean.
Clean or not, I would expect the exclusion lists to flag the file as DO NOT SCAN, or DO NOT REPORT. That is the issue. The exclusion lists (BOTH of them) are not preventing this file from being detected as some sort of trojan.
The Avast Log shows multiple entries of
8/16/2008 9:13:14 PM SYSTEM 500 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Newsleecher30\newsLeecher.exe” file.
This is the same info as I posted before
You can find some helpful information at the link below which will help you understand why this exe may be detected as bad depending on it’s location on your computer.
… and from the below ScanDoo/Google search, there are at least 6 bad sites to download this Newsleecher program from that are bad versions (cracked, etc) of this program.
So, there are some very good reasons why avast (or most any other av) should give an alarm. Please check where you got your version of this program from and, more importantly, where the exe is located on your computer.
So, you don’t get the big “Virus found!” window where you can choose what action to take with the file?
That’s what I meant by the virus warning dialog.
[quote author=igor link=topic=37944.msg319904#msg319904 date=1219740248]
So, you don’t get the big “Virus found!” window where you can choose what action to take with the file?
That’s what I meant by the virus warning dialog.
I did get that warning, the large dialog box with choices to fix, quarentine etc. I made a back up of the file, then tried again and asked it to fix the file, but it was unable to. It was quarentined, then I guess. I then restored the file, from the backup, and then turned off the Standard shield process. That’s the only way to get the file to run.
Is there a solution to this problem?
The original question is why the Excude lists in Avast do not work to ignore the program.