Yesterday July 13 Avast home detected Reg Organizer (a registry cleaner I have been using for years) as a virus. There is no doubt this is a FP. I have sent the detected file to Avast and am awaiting a fix. I cannot run Reg Organizer until there is a fix. This is my first FP and I have been using Avast for about two years. Reg Organizer is not well known but if anyone here runs it with Avast, please let me know.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Thanks DavidR. I followed your exclusion instructions and Avast no longer detects it. I also scanned it at Virus Total and it was detected by 10 out of 33 AVs.
I don’t see how organizer.exe could be malware. I have run it hundreds of times since I first installed the cleaner, Reg Organizer. I have not changed the file in any way.
I use True Image and what I will do is wait for Avast updates, then I will restore an older image dated before July 13. Avast will update automatically and then I’ll try to run Reg Organizer. If it runs, problem solved and then I would restore the latest image. If no solution can be found then I will just leave organizer.exe excluded forever.
There are many “Microsoft Most Valuable Professionals” who advise AGAINST using a “registry cleaner” on the newer Operating Systems; the ones who help people fight malware problems on the Aumha Support Forums are definitely against using them. You might be interested in WHAT they have to say at http://aumha.net/viewtopic.php?t=28099 !?
You should still send it to avast as outlined in the link also, that is truly the only way to resolve an FP (if this is truly what it is), which will help other avast users if they happen to use reg organiser (contrary to the Microsoft MVPs ;D opinions, which personally I don’t hold with, not that I’m an MVP ;D).
The simplest and safest solution whilst the jury is out (10/32 detections) would have been to stick the reg organiser file in the chest (you should be able to survive without it for a short time), where it can do no harm. Periodically scan the copy in the chest (after VPS updates) and when it is no longer detected, restore it. Much less hassle than having to use True Image.
No problem, I have Drive Image and even though that is quick, we often forget the easier solution, even though you probably didn’t realise you could scan within the chest.
[quote author=Bob Anderson link=topic=37090.msg310424#msg310424 date=1216077263]
DavidR:
I have sent organizer.exe directly from the chest to Avast to their virus address yesterday July 13th.
Good point about scanning the copy in the chest. That would be simpler than doing a restore from TI.
Hi Guys… this is my first question on the forum. I have this trojan? Win32:spyware-gen (TRJ) when I scanned with Avast, but I am wondering if it is a false positive also. Have you had any reply/news from Avast yet? I have mine confined in the chest and all the rest of the workings of the PC seem to be OK.
What file triggered Win32:spyware-gen (TRJ) ? The latest update today 080718-1 does not solve the problem for my file ‘organizer.exe’, but I have it excluded from scanning.
Bob…
This problem was on a friend's PC but today I was over there and he had deleted the file from the chest !!! ???
However, I think it was from a temp file in the cookies section on his I.E.
I scanned with Avast and all was clear of ‘nasties’ - I also scanned with Malwarebytes and SuperAntiSpyware and again all is clear and clean.
Sorry I cannot help with any more information as I have not been able to send the offending file for verification of being an FP (due to my friend's rather hasty action of deleting it !!)
Hope you get yours sorted soon - I will keep an eye on it.