Okay, since reformatting my computer a month ago and installing Avast instead of McAfee, things have been going well. One of the first programs I installed after re-installing Windows was Visual Studio 6 Pro, along with all of its utilities. Today, I boot my computer to find for the first time the Avast “You have a trojan” window, complete with the path to the executable. The only problem is that the path is that of the API text viewer utility that was installed with Visual Studio, and is completely harmless.

Normally, I would not be too concerned, except for the fact that it took Avast a month to figure out that there was something supposedly wrong. Just to make sure I was not mistaken about the alert, I clicked on the More info link, which opened a link to the virus report form, the last page I wanted to see. Annoyed, I looked around desperately for a false report form, but found none. So I post this message here. After a few minutes of getting nothing productive done, I decide to do what I’m sure most people believe to be stupid - I run the file, which Avast said was an adware server. Wrong. The file was perfectly fine, and my computer is as well. I hope that this issue can be addressed so that others will not have to panic for no reason. Thank you for your time.

Avast 4 Home Edition, running on Windows XP Home, Service Pack 2.
File in question: C:\Program Files\Microsoft Visual Studio\Common\Tools\Winapi\APILOAD.EXE

I’m in exactly the same situation.

To be more precise, it is “Win32:Adloader-S [Trj]” that is recognised in this software (apiload.exe from Microsoft).

As the virus engine has had un update just before detecting it, i suppose it’s the new 0614-2 VPS that contain the probleme.

and it’s quite boring because I found no way to make avast ignore this file and each time a session starts, it starts complaining about viruses on my hard drive.

I’m having this exact same problem. But not just for the apiload.exe, but also my own Visual Basic 6 SP6 compiled executables…not all of them, just one in particular. I agree that it must be 0614-2 VPS that caused the problem, because it just started this morning.

I am having the same issue with a program that has been running fine for the last two years.

rcsview.exe is giving an alert as if it is infected by “WIN32:agent -MD” Trojan

This started after down load of VSP 0614-2 this am.

any one else with this issue?

jm

Check out this thread for who to test and report a False Positive http://forum.avast.com/index.php?topic=7779.0.

Also if you experience a problem with a particular file being detected and you think it may be a false detection the forums search tool will often find topics relating to that file if it is an FP, like this one http://forum.avast.com/index.php?topic=20350.0. So you can either monitor that thread or add your comment.

It did not take avast! a month to detect something was wrong, it is just most likely (but not definetely) a false positive. To take care of this please e-mail the file to Alwil at virus@avast.com and in the body telling them why you are sending these files. Please follow steps below.

1. Copy file into My Documents
2. Right click and move your mouse over send to then click Compressed (zipped) folder.
3. Double click the .zip folder and give a password virus is fine. (Be sure to include the password in your message body) (If you do not know how to give your .zip folder a password see screenshot)
4. Open your e-mail account/app (thunderbird for example) and fill out the message body then attach the file.
5. Delete the copy file (the one you copied into My Documents not original or .zip)
6. After you have sent the file you may then delete the .zip folder.

KSTAX, can you please submit the mentioned file (rcsview.exe) to virus@avast.com, preferably packed in a password-protected ZIP or RAR, with a subject like “False positive”?
Thanks!

You can stop the reporting of a false positive.

Go the configuration screen for the ON-ACCESS SCANNER ,
Select MORE DETAIL. Go to the STANDARD SHEILD setup.
On this dialog screen select CUSTOMIZE and then the ADVANCED tab.

In this dialog screen you can add files not be scanned. When the problem with the
SIgnature File is fixed you should remove the entry to prevent problems in the future.

You should be sure via other sources (On-Line Scanners, etc) that the file is ‘safe’ before doing this.

It would be nice if the Avast Web Site people could alter the reporting form to report a false positive. The current form assumes it must be a virus. This whole process could be speeded up for ‘standard’ files like the APILOAD.EXE. It would also be nice to give the user some informration about the file on the form. In my case, my daughter almost deleted the file off my PC which has a MS Development Environment on it. I can understand the sending of files to Avast for some files, but, for a MS Standard Release file a changed web form that addresses the issue would probably handle it. Alos, perhapes a method that uploads the file then via a ‘safe’ method could be created for the website.