Fake warning!

Hi Guys,

The last VPS file version (0611-1 release 03/16/2006) contains a fake warning about the following executable file. This executable (and many others developed by my software company) is protected with the ASProtect 1.2 utility, and the trojan Win32:Ircbot-RT [Trj] is packed with the same software, but my files are NOT infected.

Executable: http://www.inf.ufsc.br/~wcunha/Setup.zip

Info:
Avast 4.6 Home Edition
VPS File Version: 0611-1 release 03/16/2006
Windows XP Professional SP2
Virus: Win32:Ircbot-RT [Trj]

What should I do?

Thanks in advance,

Wagner

Are you sure it is alerting on the .zip file and not one of the files it contains?

I see it is alerting on http :// www . inf.ufsc.br/~wcunha/Setup.zip\Setup.exe the setup.exe file.

If you are getting a virus warning that you believe is a false positive, then, if you can, zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces), or send it from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive, and include the password in the body of the email. Some info on the avast version and VPS number (as you have in the post) will also help.

You could also check the file at: Jotti - Multi engine on-line virus scanner just in case any other AVs detect it also. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, as a temporary measure add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan); when it is no longer detected, remove it from the exclusions.
Also see (Mini Sticky) False Positives

You might want to edit your post to break the live link, like I have, to avoid accidental download and scaring the natives ;D

Seems false positive… :)

Hi DavidR,

You are right, the warning is on the .exe file inside the .zip. I’m sending the file like you said to the Avast support, and I hope they can analyze it soon, because many of my company’s clients use Avast too (I always recommend it!), and this mistake can bring a lot of phone calls tomorrow! :o

Thanks for your help! :)

Below is a copy of the web scanners’ results:

Jotti’s malware scan 2.99-TRANSITION_TO_3.00-R1 - Result:

File: Setup.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 1e5fcbd53647ce587d09f57ca3cdae23
Packers detected: ASPROTECT
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Ircbot-RT
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


VirusTotal result:

This is a report processed by VirusTotal on 03/17/2006 at 03:08:33 (CET) after scanning the file “Setup.exe” file.
Antivirus Version Update Result
AntiVir 6.34.0.53 03.16.2006 no virus found
Avast 4.6.695.0 03.16.2006 Win32:Ircbot-RT
AVG 718 03.16.2006 no virus found
Avira 6.34.0.53 03.16.2006 no virus found
BitDefender 7.2 03.17.2006 no virus found
CAT-QuickHeal 8.00 03.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060126 03.16.2006 no virus found
DrWeb 4.33 03.16.2006 no virus found
eTrust-InoculateIT 23.71.104 03.17.2006 no virus found
eTrust-Vet 12.4.2121 03.16.2006 no virus found
Ewido 3.5 03.16.2006 no virus found
Fortinet 2.71.0.0 03.17.2006 suspicious
F-Prot 3.16c 03.16.2006 no virus found
Kaspersky 4.0.2.24 03.17.2006 no virus found
McAfee 4720 03.16.2006 no virus found
NOD32v2 1.1446 03.16.2006 no virus found
Norman 5.70.10 03.16.2006 no virus found
Panda 9.0.0.4 03.16.2006 Suspicious file
Sophos 4.03.0 03.16.2006 no virus found
Symantec 8.0 03.17.2006 no virus found
TheHacker 5.9.5.114 03.15.2006 no virus found
UNA 1.83 03.16.2006 no virus found
VBA32 3.10.5 03.16.2006 no virus found

Hi Folks!

Thanks for the replies, the new VPS file fixed the false positive.

Best regards,

Wagner.

No problem, welcome to the forums.