Hello first of all
I´m new here I hope my Post is in the right Place…
I sometimes get a false positive alert on DT-Pro cryptapi.dll, I wonder why doesn`t it come up every time I start my Computer…
How can I stop Avast from scanning this single file… and giving a false positive ???
If someone could answer in German this would be great… if not english is ok …
thx for your help
OK, found the way to avoid scanning… now I will try the other online scan…
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
so what now positive or FP ???
I mean 22% of detection on this data is really not funny…, and why does it only come up once a while???
If it is a thread why isnt it detected on every scan ???
The file could be a replicant or using rootkit (hidden malware) techniques…
Maybe avast can only detect some variants of it? ???
I’m not sure, but can you send the file DT-Pro cryptapi.dll for analysis to virus(at)avast(dot)com ? Maybe they could check.
I would say there is a possibility it is an FP as the majority of those detections are by generic (-gen or .gen) or heuristic detection (suspicious) and are more prone to FP.
So send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
All of my computers, 2 Vista Ultimate SP1 (one 32 and 1 64 bit) , and 2 XP home SP3 detected this Win32LTrojan:gen this morning. This is following a virus database update last night. I think that with the update some heuristic changes are either undone or modfied in a way that creates false positive. That might explain with it sometimes detect them and others not.
Today the FP was in a a World of Warcraft directory. The file was reported as clean by some on-line single file scanner.