false positive: cannot run my program

I am using Avast 4.8 Home Edition and it won’t let me run an exe file I’ve had for years. When I try to run my Microtek scanner file Avast sends up the following warning:
Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Microtek\ScanWizard 5\ScanWizard5.exe” file.

I’ve used this ScanWizard5.exe file for years so it is not new. Because I used this scanner fine - with Avast running - just 4 days ago, I restored the file Avast was worried about from a one month old backup. Avast still will not let me run it. The latest Avast update must be what is causing the problem.

Because I know this file is NOT malware I went into Avast settings and under the exclusion section added the file but apparently this only excludes the file from scanning, not from the resident Avast, so even after rebooting Avast will just not let me run the program.

How can I tell Avast resident that this is a false positive and this is not malware?

Please.

You should also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner, and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

I tried to send the file to VirusTotal but could not while Avast was running. If I sent it from the VirusTotal web page I get uploaded 0. So I tried to send it as an email attachment and my email client says it cannot find that file when I click on send (while Avast is running).

I think Avast is still stopping that file from being sent or activated.

Finally, I temporarily stopped Avast’s “on access protection” and then was able to send the file to VirusTotal for scanning.
Their report came back:

[ scan result ]
a-squared 4.5.0.41/20091024 found nothing
AhnLab-V3 5.0.0.2/20091023 found nothing
AntiVir 7.9.1.44/20091023 found nothing
Antiy-AVL 2.0.3.7/20091023 found nothing
Authentium 5.1.2.4/20091024 found nothing
Avast 4.8.1351.0/20091024 found [Win32:Malware-gen]
AVG 8.5.0.423/20091024 found nothing
BitDefender 7.2/20091024 found nothing
CAT-QuickHeal 10.00/20091024 found nothing
ClamAV 0.94.1/20091024 found nothing
Comodo 2718/20091024 found nothing
DrWeb 5.0.0.12182/20091024 found nothing
eSafe 7.0.17.0/20091022 found nothing
eTrust-Vet 35.1.7082/20091023 found nothing
F-Prot 4.5.1.85/20091024 found nothing
F-Secure 9.0.15370.0/20091022 found nothing
Fortinet 3.120.0.0/20091024 found nothing
GData 19/20091024 found [Win32:Malware-gen]
Ikarus T3.1.1.72.0/20091024 found nothing
Jiangmin 11.0.800/20091024 found nothing
K7AntiVirus 7.10.879/20091024 found nothing
Kaspersky 7.0.0.125/20091024 found nothing
McAfee 5781/20091024 found nothing
McAfee+Artemis 5781/20091024 found nothing
McAfee-GW-Edition 6.8.5/20091024 found nothing
Microsoft 1.5202/20091024 found nothing
NOD32 4539/20091024 found nothing
Norman 6.03.02/20091023 found nothing
nProtect 2009.1.8.0/20091024 found nothing
Panda 10.0.2.2/20091024 found [Suspicious file]
PCTools 4.4.2.0/20091019 found nothing
Prevx 3.0/20091024 found [Medium Risk Malware]
Rising 21.52.52.00/20091024 found nothing
Sophos 4.46.0/20091024 found nothing
Sunbelt 3.2.1858.2/20091024 found nothing
Symantec 1.4.4.12/20091024 found nothing
TheHacker 6.5.0.2.053/20091024 found nothing
TrendMicro 8.950.0.1094/20091024 found nothing
VBA32 3.12.10.11/20091023 found nothing
ViRobot 2009.10.23.2003/20091023 found nothing
VirusBuster 4.6.5.0/20091024 found nothing

I am sure this is a false positive because Avast has let this very file run for years and - just in case it was malware masquerading as this file - I restored it from a 1-month old backup which Avast had allowed to run fine for years. So this is something caused by Avast’s latest update.

My problem now is how to get to run my ScanWizard without having to stop Avast to do so! Very annoying.

Jeff

Wanted to add that I excluded the file as described above but I also added it for exclusion at standard shield\Customize\Advanced but I still cannot run the file when Avast is active!

First, that is pretty conclusive, as GData also uses avast as one of its two scanners, so now we are effectively down to only avast detecting it. So you need to submit the sample to avast as a false positive (see the link for reporting and exclusion above).

If the exclusion doesn’t work in that the standard shield still alerts then the most likely cause is incorrectly entering the path and file name to be excluded. The full path (or in conjunction with wildcards) and the file name are required.

Please post the full text that you are entering in the standard shield to exclude the file?

Hint: when avast alerts, in the window is the path and file name of the detection, this can be copied and pasted into the exclusion list/s.
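As an added illustration (not part of the thread, and not a VirusTotal or avast! tool), this sketch parses rows in the report format posted above and groups detections that come from the same scanner, as the reply describes for GData and avast!. The `SHARED_ENGINE` map and the same-label rule are assumptions made for the example; the sample rows are copied from the report in the thread.

```python
import re

# Rows copied from the report posted in the thread (subset, for a runnable sample).
SAMPLE = """\
Avast 4.8.1351.0/20091024 found [Win32:Malware-gen]
AVG 8.5.0.423/20091024 found nothing
GData 19/20091024 found [Win32:Malware-gen]
Panda 10.0.2.2/20091024 found [Suspicious file]
Prevx 3.0/20091024 found [Medium Risk Malware]
Sophos 4.46.0/20091024 found nothing
"""

# "<engine> <version>/<yyyymmdd> found [<label>]" or "... found nothing"
ROW = re.compile(r"^(\S+)\s+(\S+)/(\d{8})\s+found\s+(?:\[(.+)\]|nothing)$")

# Assumption for this example, taken from the reply in the thread:
# GData uses avast! as one of its two scanners.
SHARED_ENGINE = {"GData": "Avast"}


def parse_report(text):
    """Return one dict per well-formed row; label is None for 'found nothing'."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"engine": m[1], "version": m[2],
                         "date": m[3], "label": m[4]})
    return rows


def independent_detections(rows):
    """Group detecting engines by the scanner the verdict most likely came from."""
    hits = {r["engine"]: r["label"] for r in rows if r["label"]}
    groups = {}
    for engine, label in hits.items():
        upstream = SHARED_ENGINE.get(engine)
        # Collapse only when the upstream scanner reports the identical label;
        # a different label could come from the product's other scanner.
        same = upstream is not None and hits.get(upstream) == label
        groups.setdefault(upstream if same else engine, []).append(engine)
    return groups


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for source, engines in independent_detections(parsed).items():
        print(f"{source}: reported by {', '.join(engines)}")
```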

Thank you for your help DavidR.

I have already sent the file to Avast during one of the many times it kept telling me this was malware.

The reason the exclusion did not work was because I did not have the full path. When I entered that:
C:\Program Files\Microtek\ScanWizard 5\ScanWizard5.exe
it allowed me to open the file.

Thank you for your help.

No problem, glad I could help.