False positive - HP file

AVAST announced false positive yesterday with HPsysinfo.exe - detected as infected with Prorat-X [Trj]. I’ve already submitted this file to the virus team and restored the file.

Hopefully this should be sorted out with the new vdf. :slight_smile:

*internetstatic *

Yea thanks. I got that virus it caught in the Virus Chest, whats should i do? Should i restore it because I cant open that file. What did they tell about this?

Restore it for now. If you were to open the HPsysinfo.exe file again, AVAST would place it back in the Virus chest.

Let’s hope the next vdf resolves this problem.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a (new or undetected virus) false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

I sent the file to AVAST the day the warning occured and the new vdf updated today doesn’t detect it as a Trj.

Hooray! problem solved. ;D

Thanks for the options David, will try them the next time something like this happens.

No problem, it is handy to be able to get a quick second opinion.

Yup, thanks man for the insight. If it was not for you i will delete the file. Thanks alot ;D