False Positives

In the last 2 days I’ve got 2 instances of false positives. One is a file I’ve had in a folder for months, a loader for Win 7 from before it was actually available to the public. So that one isn’t a surprise. The other is an on-and-off thing I’ve noticed for the last week or so. It’s a legit site, http://windows7center.com/ When I click on Forums I get an alert.
Joe

  1. For the file/s:
    You could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner and report the findings here, i.e. the URL in the address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not the original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield: Customize, Advanced, Add, then type (or copy and paste) C:\Suspect* That will stop the Standard Shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

  2. “Legit” is no longer a term that also means “clean”, as many sites are hacked nowadays; this is now one of the most common methods of infection.

See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/.

  3. Is this the detection you are getting in the forums, see image, on a .js file?
    I have had a look at that file and it is obfuscated, which for what is meant to be a plain-language scripting language (JavaScript) is somewhat strange (and always makes me suspicious); unfortunately, because of this obfuscation I can’t tell what it is trying to do.

However, avast has in the past been very accurate in these types of detections.

Update: I have downloaded the .js file and uploaded it to VirusTotal for analysis. Whilst there is a low detection count, there aren’t many AVs that are a) actually scanning for this and b) much less capable of detecting it.

See http://www.virustotal.com/analisis/1fb8196deae0c96324b32d93bfcf7c2eb2cc4951cc9fb2ca811073111cdeaf23-1261861869, so there may be a case of this file either having been hacked or possibly its intention being misinterpreted.
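As an added example (not code from this thread, from avast or from VirusTotal), here is a small Python triage script for a file that has already been exported from the chest to a location such as C:\Suspect. It does the two things discussed above: it computes the SHA-256 that VirusTotal keys its reports on, and it scores the kind of JavaScript obfuscation signals (eval/unescape, String.fromCharCode, dense \x and % escapes, very long lines, high entropy) that make an obfuscated .js file suspicious. The two inline samples are constructed for the example and are not the script from the site in question; the thresholds are arbitrary heuristics, not avast’s or anyone else’s detection logic.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed samples: an ordinary page script and an obfuscated one.
# Neither is the .js file discussed in the thread.
PLAIN_JS = """
function showForums(id) {
  var el = document.getElementById(id);
  if (el) { el.style.display = 'block'; }
}
"""

OBFUSCATED_JS = """
var _0x4a=["\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74","\\x77\\x72\\x69\\x74\\x65"];
eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%22%29"));
var s=String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61);
"""


def sha256_hex(data: bytes) -> str:
    """Hash used to look a sample up on VirusTotal without re-uploading it."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(text: str) -> float:
    """Bits per character; packed/encoded payloads push this upward."""
    if not text:
        return 0.0
    counts = Counter(text)
    total = len(text)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def obfuscation_signals(js: str) -> dict:
    """Count the individual tells; each is weak alone, telling in combination."""
    lines = js.splitlines() or [""]
    return {
        "eval_unescape": len(re.findall(r"\beval\s*\(|\bunescape\s*\(", js)),
        "fromcharcode": len(re.findall(r"fromCharCode", js)),
        "hex_escapes": len(re.findall(r"\\x[0-9a-fA-F]{2}", js)),
        "pct_escapes": len(re.findall(r"%[0-9a-fA-F]{2}", js)),
        "longest_line": max(len(line) for line in lines),
        "entropy": round(shannon_entropy(js), 2),
    }


def obfuscation_score(js: str) -> int:
    """Arbitrary weighting (assumption for this example, not a vendor's rule)."""
    s = obfuscation_signals(js)
    score = 0
    if s["eval_unescape"]:
        score += 3          # code built at runtime from a string
    if s["fromcharcode"]:
        score += 2          # strings assembled from char codes
    if s["hex_escapes"] >= 4:
        score += 2          # identifiers/strings hidden as \xNN
    if s["pct_escapes"] >= 4:
        score += 2          # payload hidden as %NN for unescape()
    if s["longest_line"] > 500:
        score += 1          # minified or packed blob on one line
    if s["entropy"] > 5.0:
        score += 1          # encoded/compressed-looking content
    return score


def triage(js_bytes: bytes) -> dict:
    """Everything an analyst would paste into a forum reply for one sample."""
    js = js_bytes.decode("utf-8", errors="replace")
    return {
        "sha256": sha256_hex(js_bytes),
        "score": obfuscation_score(js),
        "signals": obfuscation_signals(js),
    }


def triage_file(path: str) -> dict:
    """Run triage on a file exported to the excluded folder, e.g. C:\\Suspect."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_JS), ("obfuscated", OBFUSCATED_JS)):
        print(name, triage(sample.encode("utf-8")))
```

The hash is what to search for on VirusTotal before uploading anything: if the sample has already been seen, the existing report comes back without you having to submit the file. The score is only a prioritisation aid; a high score says “look at this by hand”, not “malicious”, since legitimate packers produce some of the same tells.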

David
That pop-up looks like what I get. It’s been an on-and-off thing for a week or so; I’ve wondered if it is some kind of detour while they do site maintenance. When I checked the loader at Jotti, it showed Avast and 2 others as positive and all the rest negative. Considering the purpose of the file, this is not surprising. I had similar detections when I was slipstreaming XP with some files and tools.
Joe

Personally I prefer VirusTotal as it has more scanners, and Jotti uses Linux versions of the scanners whereas VirusTotal uses Windows versions, which generally have more functionality in the unpackers, etc.