False Positive?

Appreciate your opinion here…

Apparently very reputable site… http://www.msnmonitor.com/index.htm They have a product called MSN Monitor & Sniffer which, if I attempt to download produces a warning, screenshot attached…

Appreciate your views on this…the site itself doesn’t cause any problems by the way, it’s only when you choose to save the file.


Yes, seems a false positive… but, to be sure, please submit it to JOTTI or VirusTotal and let us know the result.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

Well something that monitors or a sniffer might possibly be used for a different, non-standard or malicious purpose, this may have been what triggered the alert. Confirm using Virus Total and Jotti as suggested.

Virus Total gives me this…
Jotti tells me the file is 0 bytes and refuses to do anything… >:(

…got Jotti to work…see attached…

Usually a zero 0 byte size indicates you tried to upload it from the virus chest which is a protected folder that won’t allow outside access.

I assume that was why it didn’t work at first.

Whilst others also detect this, they do it in what I would say is a better way by reporting it as a net tool, but that doesn’t I feel place much emphasis on the potential if it weren’t being used by a legitimate program in legitimate manner. You are the only person that can truly decide that and set-up the exclusions as mentioned by Tech.

You could send the sample to virus@avast.com zipped and password protected with password in email body and possible false positive in the subject. avast would then decide if they feel it is correct, I would suggest you put a link to this topic in the email.