File Sharing Trojan ?

Hi All
I’ve been using Avast for 2-3 months and have scanned many times, I updated the other day to 0507-3 scanned and it now picked up my Torrent file sharing program as a Win 32 Trojan-gen (does that mean a ‘general trojan’?)
It removed the .exe file AND the uninstall file, the program is Turbo Torrent and I have been using it for ages. SURELY THIS IS A MISTAKE IN THE VIRUS UPDATE ?
If not why has it just picked it up now ? AND if it IS a virus now that the 2 files have been removed is it still ok to use the program that DOES still work ?
This program states that it DOES NOT have any spy or adware with it yet AVAST now says the WHOLE thing is a virus, I am very confused !!
How can I tell if it really IS a virus ? Please help
Thanks, best regards
Andy ???

Hi Andyslogos,

Upload the file avast is saying is infected here: http://virusscan.jotti.org/

Then let us know the results so we can further advise :wink:

–lee

It removed the .exe file AND the uninstall file, the program is Turbo Torrent and I have been using it for ages.

No, avast warned you and you chose to delete it or you set your settings to delete.

If in doubt ‘don’t delete’ it leaves no other option. Moving to the chest does the least harm and allows time to investigate (like you are doing now), if it is a false positive warning it can be restored and later if there are no adverse reactions (like you are getting because of the deletions), then you can delete from the chest.

Having deleted it, this makes investigation, such as Lee mentions almost impossible, short of doing an install over your existing file sharing prog.

Oops, misread (keep doing that lately :-[), if you have deleted the file, then you can’t scan it of course, but as David said, you can always reinstall over your program again and check the file (if you so wish)

–lee

Hi Guys
I never said I’d deleted it :slight_smile: I moved it to the chest as Avast recommended. Thanks for the link I didn’t know that.

Firstly I didn’t know how to upload it from the chest so I extracted the ‘virus’ to another folder first, was that correct ?

On the scan ONLY Avast recognized it as a problem NO OTHER SCANNER DID, it was listed as Malware and ‘found’ by Heuristic detection.

Hope that helps you a bit, I’ll wait from you for further advice.

Thanks
Andy :slight_smile:

Firstly I didn't know how to upload it from the chest so I extracted the 'virus' to another folder first, was that correct ?

In the virus chest it cannot be scanned, this is a protection measure to stop the virus from starting up and spreading the infection ;), so extracting it and then scanning it was the only way :).

If only avast detected it, it’s most likely a false positive.

So this is what you should do:

Password protect the file with Winzip or WinRAR
Email it to virus@avast.com
In the email mention you think it’s a false positive, and also mention the password to open the file.

–lee

It removed the .exe file AND the uninstall file
To me, if I remove something, I get rid of it (delete) moved, to me is much different.

You have to extract it in order to upload it to jotti as I believe it is encrypted in the chest.

You can move it back to its original folder and exclude it from scans in avast settings. Periodically check the file manually and you should see when avast updates the VPS so it is not detected incorrectly.

Actions:
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Hi Gents
Thanks for the help and advice, the file is on its way to Avast when my Server finally ‘wakes’ up :wink:

One last point, since I’ve ‘extracted’ it from the chest the file is still in there, so presumably when it says extract it means COPY does it ?

Cheers
Andy ;D

One last point, since I've 'extracted' it from the chest the file is still in there, so presumably when it says extract it means COPY does it ?

I believe this is right :wink:

–lee

Hi
It just ‘dawned’ on me after I had emailed the ‘virus’ to Avast that the email scanner HAD allowed it to be sent and NOT noticed it as a virus. It is set up NOT to allow viruses to be sent.

As a test I re scanned the file on its own, and yes it showed as a virus, I then ‘zipped’ the file re scanned, this time it showed as being ‘CLEAN’ !

I’ve tried the eicar test viruses and Avast scans through the DOUBLE zipped file, so why doesn’t it scan through ‘my’ zipped file ?

Best regards
Andy ???

Scanning archived files here.

What program are you using to archive the files (and version)
What compression level (default?)
Are you using a password?
What version of avast are you using?

–lee

Hi Lee

Ah is it because of the password then ? Is that why you told me to put one on before I emailed it? I say this because I just ‘ran’ a little test…

I rezipped it using my ‘standard’ zipper (Just zip it) and Avast scanned through that ok,
As just zip it can’t do passwords I zipped the email file with ‘7-Zip’ (standard compression & deflate method, whatever that is !) and Avast can’t scan through it.

Avast version is 4.5 Home edition.

p.s I’ve been a little concerned because Avast has never ‘picked up’ on a Virus while I have been ‘surfing’ my old AVG used to all the time, just reading one of the new posts on the same subject NONE of my blocked operations under ‘blocker’ were ticked either (also default) so I have now ticked them all, is this the correct thing to do ?

Andy :slight_smile:

Ah is it because of the password then ?

Yes, no virus scanner can scan a password protected/encrypted file, as it doesn’t know the password.

Is that why you told me to put one on before I emailed it?

Yes, with the password on, no other virus scanner along the way could remove the virus before it got to the avast virus labs.

'7-Zip' (standard compression & deflate method, whatever that is !) and Avast can't scan through it.

I have never tried 7-Zip myself, but I will check it out.

Avast version is 4.5 Home edition.

Today avast 4.6.603 came out, there are a lot of extra features, I suggest you update then reboot (then retry any scans you did on 7-Zip files)

p.s I've been a little concerned because Avast has never 'picked up' on a Virus while I have been 'surfing' my old AVG used to all the time, just reading one of the new posts on the same subject NONE of my blocked operations under 'blocker' were ticked either (also default) so I have now ticked them all, is this the correct thing to do ?

Well it is fully up to you what ones you tick, avast should ask you in the event that it blocks something like that.
BTW, the new avast 4.6.603 has a webshield which greatly improves malware detection while browsing (it does this by scanning HTTP traffic), if you want to test it, try downloading the eicar test file, you will notice you can’t :slight_smile:

–lee
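Added example, not part of the original thread and not Avast's code: a toy content scanner that descends into nested ZIP archives (the "double zipped" case) but reports a password-protected member as unscannable instead of clean. The marker string, the helper names and the sample archives are constructed for illustration; because the Python standard library cannot write encrypted ZIPs, only the encryption flag is simulated.

```python
import io
import struct
import zipfile

SIGNATURE = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a scanner signature
MAX_DEPTH = 5  # do not follow nested archives forever


def scan_bytes(name, data, depth=0):
    """Return (path, verdict) findings for one blob, descending into ZIP members."""
    findings = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:  # flag bit 0: member is encrypted
                    # Without the password the content is opaque: report it, never call it clean.
                    findings.append((path, "unscannable-encrypted"))
                else:
                    findings += scan_bytes(path, zf.read(info), depth + 1)
    elif SIGNATURE in data:
        findings.append((name, "detected"))
    return findings


def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def mark_first_entry_encrypted(zip_bytes):
    """Constructed sample: set the 'encrypted' flag on the first central-directory entry.
    The standard library cannot write encrypted ZIPs, so only the flag is simulated."""
    data = bytearray(zip_bytes)
    (cd_offset,) = struct.unpack("<I", data[-6:-2])  # field in the end-of-central-directory record
    data[cd_offset + 8] |= 0x01  # low byte of the general-purpose flags
    return bytes(data)


if __name__ == "__main__":
    inner = make_zip({"sample.exe": SIGNATURE + b" payload"})
    print(scan_bytes("double.zip", make_zip({"inner.zip": inner})))
    print(scan_bytes("protected.zip", mark_first_entry_encrypted(inner)))
```

A mail gateway or on-demand scanner built this way can log encrypted members as "not scanned", which is a different result from "clean".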

Hi Lee
Thanks for your help, you’re very clear on your explanations. Just off to update !!
;D
Andy

Hi
I just updated to Avast 4.6 and then rebooted my PC, I STARTED the new Web Shield and checked all the settings, it is set to scan ALL files with web & stream scanning.

I CAN STILL DOWNLOAD ALL THE EICAR TEST ‘VIRUS’S’ WITH NO INTERVENTION BY AVAST :cry:
Doesn’t appear to be doing anything :frowning:
By the way my OLD AVG 6 would always have told me if I was downloading a file with a virus in it anyway, I just presumed Avast already did !

Andy

This is very strange, as I (and many others) cannot download a virus/malware because avast warns us, and in the latest version completely stops you.

What browser are you using (is it up to date)
What OS are you using (windows …)

–lee

More importantly what are your web shield, Internet Mail and standard shield settings?

Hi
Win 98 & Explorer 6, both up to date. Everything is set on ‘Normal’ and the default settings.

I just tried on ‘High’ setting and Avast now ‘alerts’ me on the first eicar file (not zipped) it doesn’t on EITHER of the zipped ones.

Also when it alerts on the first it says ‘remove to chest’ and yet how can it when I haven’t even saved it yet ! Anyway which EVER button I click my PC just freezes on ‘file download’ and I have to cntrl/alt/delete.

Lastly if I still wanted to download the file, say it was a specific item I wanted and I wished to ‘take the chance’ and remove the virus later how do you do that ? The only choices it seems to give are move or delete !

At least I know for sure now that it DOESN’T work when I’m surfing the net !!!

Andy :-\

‘Shutting down’ now speak to you later :slight_smile:

Andyslogos,

If I try to download any of the eicar viruses I get this warning:


http://img92.exs.cx/img92/5531/1st9it.th.jpg

If I disable webshield I get this warning with eicar.com (if I were to press OK it would let me download it)


http://img92.exs.cx/img92/5805/2nd0qm.th.jpg

However I won’t get this second warning with the eicar.zip or eicar2.zip files because they are archived, however if you were to scan them or try to unzip, avast would warn you with the second message straight away :slight_smile:
This is the same for the eicar.txt

Anyway which EVER button I click my PC just freezes on 'file download' and I have to cntrl/alt/delete.

Are you sure your system is clean?

EDIT: BTW, I have just installed 7-Zip (7z) and archived a malware sample, I can confirm my original thought that avast can scan 7-Zip archives (unless they’re passworded of course ;))

–lee

Hi Lee
Solved the problem, well to some extent !

In the help files it clearly states that Win 95 AND 98 have to be set up MANUALLY to get the Web Shield to work.
It tells you to use Proxy server and gives you the settings.

After doing that it is scanning now and I get the dialogue box of your first image that you showed on ALL the tests.

MY issue now is DO I WANT to use proxy server ? I’m not really too sure about it but have never used ‘them’ as there is no point to them and also they keep more info about your ‘tracks’ Am I ‘barking’ up the wrong tree and Avast settings have nothing to do with this ? I DIDN’T need proxy with AVG.

As for it now scanning that’s good but Avast ONLY giving you the choice of ‘Abort Connection’ in my opinion is ridiculous and not very good programming, as you say you can turn off the shield and close the dialogue box but, god what a ‘drag’ Also doing this course of action is sometimes ‘upsetting’ Avast locking it up and giving me a ‘please report bug’ box !!

On a final note, I said ‘to some extent’ well the new problem is now it’s all working I’ve set it all back to ‘NORMAL’ settings but when I re boot they’ve all gone back to HIGH !!! I can’t win!
Hopefully this will sort itself out.

Anyway looks like I’m all ‘safe’ again ;D

Cheers
Andy :slight_smile: