Google Video Player False Positive?

I’ve been getting the following virus notice today and wondered if anyone else was seeing this:
8/23/2006 9:21:58 AM SYSTEM 1100 Sign of “Win32:Pakes-CH [Trj]” has been found in “C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe” file.

This had not been previously identified by Avast, and I’ve not been able to duplicate the trip with any online AV product. Seems to be a false positive. I tried to do the exclusion stuff, but it doesn’t seem to take (still gets blocked when I try to run the player). Do I need to do a restart of vast/system to have the exclusion work?

You probably didn’t add it to the Standard Shield (on-access scanner) exclusions.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

I too just got this today. I think it’s a false positve. My VPS version is 0634-1, 08/23/2006.

edit: I got the player from http://video.google.com/playerdownload

Confirm using the multi engine scanners given and send it to avast if confirmed, that way it should be corrected.

I’m getting the same false positive for Google video player.
When I try to send it via the chest as you suggest, I get the following message:
The following file cannot be sent by email:
GoogleVideoPlayer.exe (FileID: 24)
The file is bigger than the limit: 1024 kB

Zipping it does not help either. But like the others I installed this directly from Google - there is no question that this is a false positive.

Wasn’t this corrected by the last VPS update?
http://forum.avast.com/index.php?topic=23078.msg190430#msg190430

Also see this topic re GoogleVideoPlayer and this post in particular http://forum.avast.com/index.php?topic=23077.msg190411#msg190411 it should have been corrected or very soon.

It seems to have been corrected. I was not able to send in the file due to other work commitments, and temporarily solved the issue of avast not seeing google video player in the exclusion list (both the standard and other one (can’t think of it right now)) by having it sent to the chest until the update was made. I then moved it back out and all is well. Thanks for the troubleshooting thoughts! Still a happy Avast user. :slight_smile:

Your welcome, glad that we could help.