My friend keeps having one and shes getting annoyed with it popping up while scanning.
Are you sure this is a f.p.?
Have you checked it here?>>http://www.virustotal.com/
Soofly gets struck again?
What’s the file name and path?
Treating the problem rather than the symptom is the way to go here. First confirm the FP or Detection using VT as mentioned. If confirmed as an FP send the sample to avast for analysis (exclude if you accept the risk) and the detection is likely to be corrected (quickly). This helps all avast users.
You don’t say what version of avast your friend is using 4.8 or 5.0 ?
If 5.0:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
- In the meantime (if you accept the risk), add it to the exclusions lists (see note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Note: don’t exclude the folder this file is in but exclude the file (or it leaves too big a hole in security, copy and paste the full path to the file into the exclusions.
How would we exclude just the file if we have trouble finding it? Can you please post screen shots or an easy way to do it?
This file C://hp/bin/Killlt.exe keeps detecting everytime I scan on avast. Is this a FP?
Probably a FP. By the way, you probably should have started a new thread instead of posting under this thread.
http://h30434.www3.hp.com/t5/Operating-systems-and-software/Killit-exe/td-p/246320
http://forums.techguy.org/virus-other-malware-removal/562136-killit-exe-found-panda-active.html
Is it classified as a PUP when it is detected?
I don’t know if it’s classified as PUP or not. How do I check if it is?
What was the malware name given in the detection.
Did you enable scanning for PUPs in your scan ?
If so that is a likely consequence, as the purpose of the file could be used for good or evil.
I only saw the file name saying infection. Where do I go in order to have the PUPs turned off in my scan?
Is it better to have PUP on or off? I’m going to install Avast tomorrow to help her with it.
The default setting is unchecked, so personally I would suggest leaving the settings at their default settings until more familiar with the program (they provide a good balance between protection and performance). And even then don’t go changing any setting they you don’t fully understand.
Don’t forget for the most part these on-demand scans are going to be scanning inert/dormant files, should they be active the resident on-access scanner would scan it.
Seems that only folders and not files within them can be excluded.
For sure not. We can exclude folders as well as single (or multiply) files.
No, files also can be excluded.
You can either copy and paste the full path into the exclusions. Or when you select add dig down to the folder and select that. Once that has been added you can modify the path, changing the * at the end to \excluded_file_name.exe. Whilst the second option isn’t ideal not being able to drill down to file level, it is possible to exclude a file.
How do I choose just a file to exclude?
You can’t “browse” below folder level in the avast! GUI, but you can copy the file’s full path name from the “address” line in explorer into avast! where it says “enter path”.
So if we know the file name just type it in? Ok thanks.
Yes, but if it is a long path and file name it may be easiest to create it on the folder and then - After the entry is created, go in and Edit the entry, changing the * to \file)name.exe.
Or when creating the exclusion in the first place, copy and paste the full path and file name into the window.