I just loaded Google SketchUp from Google and installed it. I got a false positive with Avast (4.7.869 and 0362-0):
"9.8.2006 9:00:02 Sign of “Win32:SCKeylog-I [Trj]” has been found in “C:\Program Files\Google\Google SketchUp\BsSndRpt.exe” file."
I tested that file in Jotti and VirusTotal; Avast was the only program to find something.
Quote from Jotti:
“POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.)”
EDIT: I could not send that file to Avast! because that function didn’t work, but it is easy to download from Google.
Files submitted to Jotti or VirusTotal are sent to the antivirus companies.
But you send the samples to virus@avast.com
Zip and password the files… Include a link to this thread and the password used.
Thanks.
Not for false positives they aren’t, it is only for undetected samples that Jotti and VirusTotal provide feedback to the AV companies. So it is essential to send FP samples to avast.
By what ‘ourassi’ posted, they don’t ever say anything is a false positive; you have to make that conclusion based on your AV being the only one to detect it and AV history. Jotti and VirusTotal don’t make a determination either way, they just pump out the results and you decide. Just like HijackThis, it just gives you information and you decide the action required.
If you password protect the zip file, Gmail CAN’T check it; that is the reason why we suggest that. If Gmail are basing their scanning on file extension and not on file content, then the anti-virus scanner isn’t up to much if this crude exploit can bypass the scan.
I would like to hope it didn’t get past and it is likely that it will have been sanitised/cleaned/deleted, etc. So it may not have got through.
It may well have been quicker, but you might notice that the people answering you here don’t work for Alwil but are avast users just like you. So effectively they haven’t picked up this thread.
That program (Google SketchUp) was loaded from official Google site.
The file that I sent to virus@avast.com was password protected, but even so I had to change .zip to .png. Gmail doesn’t accept exe files inside a zip, and you can SEE that exe even if it is password protected. It was not a virus warning (that file was flagged as malware only by Avast from those 27 in VirusTotal).
So just MAYBE it has gone through? Of course, if Avast is checking incoming posts with their own programs . . .
PS. I just tested with version 0632-1 and the problem seems to be corrected, also in VirusTotal.