im having problems with loading some msn games.it says there is a trojan present.msn says the problem is with avast that its a false positive.does anyone know how to fix this.my avast protection is up to date

I belive we’ll need more info. Which file as detected,under which name (virus name) etc.
Be more specific.

Besides what RejZor said, submit the file to Jotti and let us know the results, i.e., if it is or not a false positive.

when i go to msn games the avast program says its malware
win32popcapload(trj)

You should add them to the exclusions in standard shield, that should stop the pop-up warning and enable you to send them to Jotti.
You may need to temporarily disable Web Shield when you have established the connection with Jotti (if you get a web shied warning).

As far as I know, the detected file indeed is some kind of downloader… honestly, I don’t know what to do about this one…

Just wanted to add my frustration to this thread. Using Avast 4.6 here is what I get when trying to download any game, Yahoo, MSN, etc

Filename:C:/windows/downloadedprogramfiles/PopCapLoader.dll
MalwareName:Win32:PopCapLoad[trj]
Malware:Trojan horse
VPSVerions 0527-1,07/07/2005

Hope some of the great minds here can come up with a solution…I’ve reached the limit of my little bit of knowledge. First first here…be gentle

If you send the file to Jotti,you’ll see that avast! is not the only on detecting it…

What do you want avast! to do? It’s an antivirus and it detects viruses… If you’re infected before installing avast (or you change avast! settings and reduced your security level) what do you think you get? :
We can’t be frustraded if the antivirus is doing its job

especially if that downloader is used also by “evil” side for bad things …

still want use it ? then exceptions are your friend (you need define exception both in webshield (source sites) and standard shield (local file) …

I found something strange.

When downloading popcaploader_v6.spl from yahoo, Avast’s webshield blocks it.
Scanning it after download and Avast says it is infected.
Submitting it to the Avast online scanner and it reports it as clean.

On Jotti:

• Kaspersky Anti-Virus > Found not-a-virus:Downloader.Win32.PopCap.b
• VBA32 > Found Downloader.PopCapLoader
• all others report it as clean (including Avast)

Hope this helps solving the problem.

What is the exact file path given in avast! warning? I mean, is it (shown) inside of an archive?

Igor,

it is a cab file that contains two files. I’ve sent two emails to virus@avast .com.
Subject of both mails is popcaploader_v6.zip
1st message is the cab file in a password protected zip.
2nd message has two download locations for the cab file.

If you want (to know) more, just let me know.

I have had the same problem. I had a file that avast detected as infected by win32: Crypto [Trj] ( or somthn like that…) and I submitted it to Jottis online scanner and
avast did not detect it in the results. wonder if they are updating avast’s scanner…

-Mario

Have patience peoples.

As I have written in my previous post here, the culprit has been submitted to Alwil.
I am sure they will look into it as soon as possible and that they will find a solution, one way or another.

If anyone has more information about this problem, please let us (and Alwil) know here.
Every peace of information is welcome.

ps:
There is no need just to report: “I have the same problem.”
The problem is known and people are working on a solution.

Ah, OK. I guess the Linux version (used on Jotti) doesn’t support CAB archives (i.e. it doesn’t scan their content).