False positive Win32:Doomber-C [Wrm] for Psinfo.exe

VPS version 0602-3, 2006-01-13 detects psinfo.exe (available from http://www.sysinternals.com/Utilities/PsInfo.html) as Win32:Doomber-C [Wrm] . This is incorrect.

avast home edition
build dec2005 (4.6.744)
toolkit version 1.9.4.0
activeskin version 4.2.7.3
vps compilation date 2006-01-13
version 0602-3

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus or false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

perfect, thanks.

that “mini sticky” should be a real Sticky. =]

No problem, welcome to the forums.

Same thread here: http://forum.avast.com/index.php?action=display;topic=18657.0

I too get the Win32:Doomber-C [Wrm] detection for psinfo.exe

http://forum.avast.com/index.php?action=display;topic=18657.0

and so followed the “Mini Sticky” directions to exclude the file from scans.

However when I run a standard scan the file is still detected. Is there something else I need do to exclude the file?

.

The problem seems to be fixed with the latest VPS update(0602-4) :wink:

So it is. Avast should be commended for attending to the matter so speedily.

.

I also got a false positive with w32:doomber-c on WOL.EXE (Wake on Lan utility) with vps 0602-3. This software has been on my machine for months.

This also seems to have been fixed with the later VPS (0603-0) - I wasn’t online to update to 0602-4 so can’t confirm if this was fixed in that version.