i sent a file in to be checked for being a false positive…i know this is a safe file…it's being blocked from loading…how do i know when and if this file will be safe to load without trying to load it all the time
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
What is the malware name, the infected/suspect file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
How do you know this is a safe file (safe files can get infected too), so that is why confirmation using virustotal as mentioned by Pondus is important.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Note: When using the Browse button it only goes down to folder level; accept that. Now open the entry in the exclusions and change the * to \file_name.exe where file_name.exe is the file you want to exclude.
i sent the file in to avast to check out…i also sent it to virustotal…i'm waiting for a reply…i'll post the URL here when i get it
you are not getting a reply from virustotal…
it will scan the file and then you see the result in your browser like this…
example posted
http://www.virustotal.com/file-scan/report.html?id=7b4d25651a9a4e4c00d348eb78cf3a1a
this is what it reports
heres the original report
then you click reanalyse to get the latest result
http://www.virustotal.com/file-scan/report.html?id=c3c715ec52bb90143e92a3605945ecdccbed71853fc1e8e5392bbef9d7916b33-1314040893
sigcheck:
publisher…: Yazak
copyright…: (c) 2011
product…: Avatar Selector downloader
description…: Loads Avatars from web sites for use with Yazak chat program
original name: AvatarSelector.exe
internal name: AvatarSelector
file version.: 1.21.0002
comments…: Disenabled C7 as site closed
signers…: -
signing date.: -
verified…: Unsigned
does look like it can be a false positive…
i would upload it to Avira as a false positive case (see drop-down menu) and then wait for the result before i trust it
http://analysis.avira.com/samples/
it may take a day before you receive the answer
like i said…i already uploaded it to avast…why would i want to upload it to avira?
if you want a reply with an analysis result…avast will not reply, so you just have to wait and see when they don't detect it anymore
Prevx file info
http://www.prevx.com/filenames/X266624105821813054-X1/AVATARSELECTOR[1].EXE.html
File Name Aliases:
AVATARSELECTOR[n].EXE
AVATARSELECTOR.EXE
i can't believe that avast is sending me to avira to find out about a false positive…no less that avast won't even send me a reply saying that the file is a false positive and will be allowed in a future update or the file is infected…i just got rid of avira because of the ask toolbar…now i guess i'll get rid of avast…i don't want to have to play a guessing game with an antivirus program
It isn’t avast! sending you anywhere, but an avast user trying to help another avast user if they want confirmation other than what is given on virustotal.
Whilst there are 8 detections on VT, 2 are avast and 1 is gdata (which uses avast as one of its two scanners); so that is reducing it to 6, all of which are either generic or heuristic, which are more prone to FP.
Avast are usually quick to correct any false positive once analysed, but they normally don’t contact you about your submission unless they need more information.
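Added example, not part of any post in this thread: a small Python sketch of the counting argument above, collapsing engines that share a scanner into one family and checking whether every remaining detection is a generic or heuristic name. The engine names other than avast and GData, all detection names, and the generic-name markers are constructed assumptions.

```python
import re

# Engines sharing a scanner count as one family. Only the GData -> avast
# relationship comes from the thread; "avast5" is an assumed second avast entry.
ENGINE_FAMILY = {"avast": "avast", "avast5": "avast", "gdata": "avast"}

# Assumed markers of generic/heuristic signature names (not an official list).
GENERIC_PREFIXES = ("gen", "heur", "susp")


def is_generic(name):
    """True if any token of the detection name looks generic or heuristic."""
    tokens = re.split(r"[^A-Za-z0-9]+", name)
    return any(t.lower().startswith(GENERIC_PREFIXES) for t in tokens if t)


def triage(results):
    """results maps engine name -> detection name (None means clean)."""
    families = {}
    for engine, name in results.items():
        if not name:
            continue  # engine reported the file as clean
        family = ENGINE_FAMILY.get(engine.lower(), engine.lower())
        families.setdefault(family, []).append(name)
    raw = sum(len(names) for names in families.values())
    # A family is "specific" if at least one of its names is not generic.
    specific = sorted(f for f, names in families.items()
                      if not all(is_generic(n) for n in names))
    return {"raw_detections": raw,
            "independent": len(families),
            "specific_families": specific}


# Constructed sample shaped like the case in the thread: 8 raw detections,
# 3 of them from the avast family, every name generic or heuristic.
SAMPLE = {
    "Avast": "Win32:Malware-gen", "Avast5": "Win32:Malware-gen",
    "GData": "Win32:Malware-gen", "EngineA": "Heur.Suspicious",
    "EngineB": "Generic.Downloader", "EngineC": "Trojan.Gen",
    "EngineD": "Suspicious.File", "EngineE": "HEUR/Downloader",
    "EngineF": None, "EngineG": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `specific_families` list with a low independent count matches the false-positive pattern described in the thread; it does not by itself show the file is clean.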