False Positive . How to remove ?
When I begin a scan Avast! home detects virus that really they are not.
I have put in exceptions with no good results. Only for resident protection, but not for the schedule scan I prepare with a launcher.
what can i do ?
Thanks
Excuse my language. I’m from Canary Islands
You need to use the Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.
Can you inform the file as being a false positive (click on the bottom right of the virus warning message).
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Why do you think it is a false positive ?
If this is in the anti-rootkit part of a scan then the standard exceptions may not work, but it could be you have an incorrect path and file name, exactly what did you enter in the exclusions (clue, it should be what I asked for in relation to file name and location above) ?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Splendid help. Thank very much.
I’ll try. Any problem I consult.
Thanks
Excuse my language. I’m from Canary Islands
I’m scripting with AutoIt and received a sort of message about the program itself. It’s not a virus.
I’ll try and comments any problem.
Thank a lot.
There are regularly hits on AutoIt and complied scripts because it is frequently used to script some malware attacks. So make sure you have the latest version of AutoIt, you may need to upload a couple of these compiled scripts to virustotal and send a sample to avast if confirmed an false positive as in the link I gave for reporting and excluding.
Though excluding specific compiled scripts might be a pain, if they were all in the same folder you could probably use the wildcards to exclude the folder and compiled scripts, e.g. C:*\AutoIt-Script-Folder*.nnn, where nnn is the file type of the autoit compiled scripts.
Esgrimidor, I use AutoIt also (I think it’s the best macro or simple program maker of Windows).
Indeed a false positive. Report it through the virus alert message.
If you need further help, just let us know.
A few minutes ago I have a false alarm with
imageshacker.exe
This is a simple program for images
http://img56.imageshack.us/img56/8265/greenshot20081209013318yp5.th.jpg
http://img56.imageshack.us/img56/9536/greenshot20081209013427yz4.th.jpg
Then follow the instructions in my first post, Reply #2 of this topic.
http://img339.imageshack.us/img339/1130/greenshot20081214181938km0.th.jpg
http://img166.imageshack.us/img166/1796/greenshot20081214182016ur8.th.jpg
English
Happen the same in any case. resident protection exclusion or scanner exclusion. I received the same message.
It’s normal or it’s possible to put away this message ?
Thanks
Excuse my language. I’m from Canary Islands
Spanish
Me sigue pasando lo mismo, aunque no se si es lo que debe llamarse exclusion de la protección residente o la exclusión de la protección por escaneo.
Lo cierto es que me posiciono en la carpeta afectada e imageshack me sigue saltando como un falso positivo.
No hay forma de que al entrar en dicha carpeta no me pase ?
Can you check it against www.virustotal.com ?
If it is a false positive, I hope they correct it soon.
I don’t understand
If is a false positive I can’t put away ? I need virustotal for something ?
I don’t understand.
I follow the two systems with no results.
Avast! follow my orders ?
The results from Total Virus :
Este es el resultado completo de analizar el archivo “imageshackert.exe” que VirusTotal ha procesado con fecha 15/12/2008 00:46:42 (CET).
[ datos de archivo ]
[ resultado del analisis ]
AhnLab-V3 2008.12.12.2/20081214 no ha detectado nada
AntiVir 7.9.0.45/20081214 ha detectado [tr/Drop.Agent.aacv]
Authentium 5.1.0.4/20081214 ha detectado [W32/Downldr2.EBXL]
Avast 4.8.1281.0/20081214 ha detectado [Win32:Trojan-gen {Other}]
AVG 8.0.0.199/20081214 no ha detectado nada
BitDefender 7.2/20081215 no ha detectado nada
CAT-QuickHeal 10.00/20081213 no ha detectado nada
ClamAV 0.94.1/20081214 ha detectado [trojan.Downloader-51876]
Comodo 754/20081214 ha detectado [trojWare.Win32.TrojanDropper.Agent.~AHG]
DrWeb 4.44.0.09170/20081214 ha detectado [trojan.StartPage.21584]
eSafe 7.0.17.0/20081214 ha detectado [Suspicious File]
eTrust-Vet 31.6.6258/20081212 no ha detectado nada
Ewido 4.0/20081214 ha detectado [Downloader.Delf.aup]
F-Prot 4.4.4.56/20081214 ha detectado [W32/Downldr2.EBXL]
F-Secure 8.0.14332.0/20081215 ha detectado [trojan-Dropper.Win32.Agent.aacv]
Fortinet 3.117.0.0/20081214 ha detectado [PossibleThreat]
GData 19/20081215 ha detectado [Win32:Trojan-gen {Other}]
Ikarus T3.1.1.45.0/20081214 ha detectado [Virus.Win32.Agent.aj]
K7AntiVirus 7.10.553/20081213 ha detectado [trojan.Win32.Malware.1]
Kaspersky 7.0.0.125/20081214 ha detectado [trojan-Dropper.Win32.Agent.aacv]
McAfee 5464/20081214 ha detectado [Generic Downloader.x]
McAfee+Artemis 5464/20081214 ha detectado [Generic Downloader.x]
Microsoft 1.4205/20081214 no ha detectado nada
NOD32 3691/20081214 ha detectado [probably a variant of Win32/TrojanDownloader.Agent]
Norman 5.80.02/20081212 no ha detectado nada
Panda 9.0.0.4/20081214 no ha detectado nada
PCTools 4.4.2.0/20081214 no ha detectado nada
Prevx1 V2/20081215 ha detectado [Worm]
Rising 21.07.62.00/20081214 no ha detectado nada
SecureWeb-Gateway 6.7.6/20081214 ha detectado [trojan.Drop.Agent.aacv]
Sophos 4.36.0/20081214 no ha detectado nada
Sunbelt 3.2.1801.2/20081211 no ha detectado nada
Symantec 10/20081215 no ha detectado nada
TheHacker 6.3.1.4.188/20081214 no ha detectado nada
TrendMicro 8.700.0.1004/20081212 ha detectado [trOJ_DLOADER.VUO]
VBA32 3.12.8.10/20081214 ha detectado [trojan-Downloader.Win32.Delf.jtv]
ViRobot 2008.12.12.1515/20081212 ha detectado [trojan.Win32.Downloader.302592.B]
VirusBuster 4.5.11.0/20081214 no ha detectado nada
[ notas ]
packers (Authentium): UPX
packers (F-Prot): UPX
packers (Kaspersky): UPX
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=2e89343bdc501d94b0f6c47df5d07e28
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=138AE129008D9CA39E4B04062FE04E006A90F55B
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2e89343bdc501d94b0f6c47df5d07e28
I don’t think it’s a false positive… seems really infected.
But, don’t
Sorry. I’ll revised all accordingly to your advice.
I really don’t know. I’ll try this program directly from the author web. I don’t remember this download.
I decided take your advice.
Finally this program seems not to be of imageshack.us .
Appear imageshackert in several download pages , but i don’t remember where i download… … … …
I have deleted. I have other similar utilities like shup, rightload, imageshack for firefox, etc.
Thanks
Excuse my language. I’m from Canary Islands
http://img72.imageshack.us/img72/9154/greenshot20081216080943yh1.th.jpg
http://img72.imageshack.us/img72/4232/greenshot20081216080925er1.th.jpg
http://img72.imageshack.us/img72/8697/greenshot20081216080544ib3.th.jpg
http://img72.imageshack.us/img72/2149/greenshot20081216075023ub4.th.jpg
http://img72.imageshack.us/img72/7183/12162008075203qx2.th.jpg
http://img72.imageshack.us/img72/6482/greenshot20081216081008fi4.th.jpg
http://img339.imageshack.us/img339/1130/greenshot20081214181938km0.th.jpg
