False positive - how can I get LameXP back from the chest?

Avast Free Antivirus / Premium Security
1

I didn’t start LameXP since the update to Avast 214.9.0.2008 but when I did so now, Avast blocked the program and put it into the chest.
The program was downloaded from sourceforge, the version is identical with the version from combuterbild.de or heise.de or chip.de - those sites all check the versions with other AVs too and it is guaranteed free of anything malicious. Avast complains because it is packed with UPX.

I tried to download the program from above mentioned sources again but AVAST did not even let me download and install the latest official version.

How can I get the old and previously working version back from the chest?

2

Open the interface and go to scan on the left and then to virus chest at the bottom.

Right click on the file and choose send to virus lab, choose suspected false positive there and fill the form.

Then right click on the file and click restore and add to exclusions. :wink:

3
How can I get the old and previously working version back from the chest?
[b]avast! 2014: Using the Virus Chest[/b] http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle
4

Sent, excluded and restored the file. Thank you for the head up and I am sorry that I didn’t find the part in the help all by myself earlier :-[

I did not start it before checking it at virustotal - better safe than sorry - and the result is here:
https://www.virustotal.com/de/file/38f711dea493f5a1f45c2a4d3c4c31c988203835eeec3d4f9d004a6d3050faf0/analysis/
Clean.

I still wonder why Avast behaves like this despite the program being the same …

The second problem:
How can I download the new version of LameXP?
All those in my previous post mentiones sites use a CDN, so I can’t whitelist the download URL because I never know what the real URL is.

edit:
Works now, the downloaded file is recognized as clean by the heuristics too. I still wonder why the false alerts seem to happen preferably with files that are packed with runtime packers like UPX … (yes, I know that malware authors use that too, but they use other self extracting routines or other runtime packers too)