False Alert on 2 files, need advise

Greetings to all,

Today after i update my avast database, and while it’s in auto-scanning mode, I encountered 2 trojan alarm.
Attached is my avast version, and 2 application logs from event viewer.

The 2 files are in my computer for quite a while already, one is .net framework installer and the other is MSN Messenger installer.
If anyone encounter similar issues or if it’s a false alarm, please advise.

Thanks and have a nice day!

Hello zellist,

just now a update was released. update to the latest vps update. and see if the file is still detected.

alternatively,

you can check whether the detected files are indeed infected or are fps. upload files one at time to virustotal.com and check what antivirus scanners are detecting it as. gdata may have the same detection as avast! since it uses avast scan engine as one of its two scanners. if you see anything like gen, heur like nomenclature then it should be a fp. check it your self. you can send all the files zipped, password protected to virus@avast.com with the subject fp and in the body, put the password and the link to this topic.

nmb

Hi nmb,

Thanks for the quick reply. My database is the latest version.
These 2 detection were made after i update my definition.

But I am assured that these 2 installers are not Trojans. Other scanners show okay.
Both installer were from Microsoft website.

Hopefully these 2 issue may resolve in the next update, and to any other users who face the same thing as I do.

Thanks, and have a nice day!

091119-1 is the latest version. make sure that is the version.

so did you send the files to virus@avast.com ?. if not, you can give the links to those microsoft installers here so that devs can take a look at it.

you are welcome.

nmb

Assurance they aren’t trojans is worthless, conformation is priceless, so you should first confirm using virustotal as suggested, rather than hope someone else reports it and avast corrects it.

The only way to resolve it is to confirm they are FPs and to submit samples for analysis.

If the files aren’t too large:
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

@Sir DavidR

I think the person has already scanned using vt.

nmb

Okay, I have just update from 091119-0 to 091119-1 definition.

I did scan with vt and they turned out okay.
Already removed both of them (to be on the safe side) since I don’t need them anymore.

Also, I believe my installers were the old ones. I can always download the new ones if I need them in the future.

Thanks for your help, Dave and nmb

welcome to the forums.

nmb

From what another user report under another topic, looks like 091119-0 had some issue with Microsoft installers.

091119-1 is working well. :slight_smile:
Glad im here.

Thanks.

You’re welcome.