[False-Positive] Malicious URL blocked

Viruses and worms
1

Hello, your program is blocking www.elvensoft.net and keeps deleting our macro program NeoBot.exe. There’s nothing malicious about the two. Is there a way to add them both to a universal safe list?

2

There is not a “safe” list.
avast team should correct the false positive though.

3

VirusTotal reputation scan - 1/6
http://www.virustotal.com/url-scan/report.html?id=89b1b354a5c72e0a7c6b683c06f13278-1295632393

URLVoid - 2/18 - SUSPICIOUS
MyWOT SUSPICIOUS
TrendMicro Web Reputation DETECTED

Malwarebytes PRO also block the IP

VirusTotal - NeoBot-2.3.3.exe - 7/43
http://www.virustotal.com/file-scan/report.html?id=d5e5cdfc1c8b6094e383ff689682766c524fd34fefbd4ea7abe47e78d7470483-1295637436

4

There is a new on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

  • If you are reporting an FP, then you get another input filed open, click Browse button and navigate to the file you wish to submit.

Yes, both the neobot-2.3.3.exe and the neobot-2.3.3update.exe versions of neobot.exe are detected.

Edit:
Avast isn’t alone in this detection, but most are either generic detections or unspecified, plus gdata also uses avast as one of its two scanners, so you should send it for further analysis and correction as required. http://www.virustotal.com/file-scan/report.html?id=03e74e92788fdeeff4c65c1f99ec1a833da83ef4a3ae9f72abeb02152a3aa800-1295634650.

5

We all know it’s been detected…

I just needed the info to report the false positive.

6

same thing happening to me, have u found an answer, cant use neither the program or log into the site as well. ???

7

Which is what I have just given to you in the first paragraph of my reply.

Edit: I tried to submit the file using this but it is considered too large at over 3.2MB, so another option for you is to email the sample.

Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject. You can also report the possible false positive in the network shield in this email and ask for it to be reviewed again.

8

Hello,
url detection will be fixed in next VPS.

9

Thanks for the response Jan, did you also get the FP submission on the neobot.exe file I submitted.

10

Thanks for the quick response, i’ll let you know if there’s still any problems after.

11

avast detection removed

VirusTotal
http://www.virustotal.com/file-scan/report.html?id=d5e5cdfc1c8b6094e383ff689682766c524fd34fefbd4ea7abe47e78d7470483-1295716454