False positive

http://www2.gmer.net/mbr/mbr.exe

is labeled as Win32:Crypt-CZU [trj]

Avast makes me abort the connection.

This tool is MBR by well-known company GMER, meant to fix MBR Rootkit.

Not only well known but well respected and Alwil use the GMER technology in the anti-rootkit element of avast (I can’t recall if they bought out the rootkit element or the company).

I suspect it is an FP, I take it this is a master boot record tool ?

Well I paused the web shield to get it down and have uploaded it to virustotal.

http://www.virustotal.com/analisis/99dfc1fde55de03552eea863c97c2eea

Although there are multiple hits 9/36 most are suspicious (heuristic), generic or packer method, etc. So I still think it could be an FP and should be submitted to avast.

I have tried using the new submission method in the alert window.