I have a program avast detects as a virus and I know for a fact it is not a virus. Is there any way to mark it as safe?
avast! User Guides and Manuals
http://www.avast.com/eng/download-user-guides-and-manual.html
page 40 in the user guide
It would be a better idea to report it to ALWIL, then they can correct the false positive.
What is the filename and path that is being detected?
"It would be a better idea to report it to ALWIL, then they can correct the false positive."
+1... absolutely, and upload it to VirusTotal http://www.virustotal.com/
come back and post the result link here
I did that but my Resident scanner is detecting it and not letting me open the file.
File l4d2-AdmiralDeath.exe received on 2009.11.24 23:51:17 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.11.24 Virus.Win32.Trojan!IK
AhnLab-V3 5.0.0.2 2009.11.24 -
AntiVir 7.9.1.70 2009.11.24 -
Antiy-AVL 2.0.3.7 2009.11.24 -
Authentium 5.2.0.5 2009.11.24 W32/Downloader.X.gen!Eldorado
Avast 4.8.1351.0 2009.11.24 Win32:Malware-gen
AVG 8.5.0.425 2009.11.24 -
BitDefender 7.2 2009.11.25 -
CAT-QuickHeal 10.00 2009.11.24 -
ClamAV 0.94.1 2009.11.24 -
Comodo 3024 2009.11.24 -
DrWeb 5.0.0.12182 2009.11.24 DLOADER.Trojan
eSafe 7.0.17.0 2009.11.24 -
eTrust-Vet 35.1.7140 2009.11.24 -
F-Prot 4.5.1.85 2009.11.24 W32/Downloader.X.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.24 -
GData 19 2009.11.24 Win32:Malware-gen
Ikarus T3.1.1.74.0 2009.11.24 Virus.Win32.Trojan
Jiangmin 11.0.800 2009.11.24 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.25 Trojan.Win32.Buzus.cpxm
McAfee 5812 2009.11.24 -
McAfee+Artemis 5812 2009.11.24 -
McAfee-GW-Edition 6.8.5 2009.11.24 -
Microsoft 1.5302 2009.11.24 -
NOD32 4634 2009.11.24 -
Norman 6.03.02 2009.11.24 -
nProtect 2009.1.8.0 2009.11.24 -
Panda 10.0.2.2 2009.11.24 -
PCTools 7.0.3.5 2009.11.25 -
Prevx 3.0 2009.11.25 -
Rising 22.23.01.09 2009.11.24 -
Sophos 4.47.0 2009.11.24 -
Sunbelt 3.2.1858.2 2009.11.24 -
Symantec 1.4.4.12 2009.11.25 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.24 -
VBA32 3.12.12.0 2009.11.24 -
ViRobot 2009.11.24.2051 2009.11.24 -
VirusBuster 5.0.21.0 2009.11.24 -
Additional information
File size: 1334814 bytes
MD5…: 49a6631148f111753f15535c825f2476
SHA1…: 6f91ca71a057d0d7d7f39af6de3489d01c9cab09
SHA256: 4b8dc621f464594c31bce4342e329fdf9b47433a4b174d9968e93ee1442dac86
ssdeep: 24576:AJiPugXkgM7yFO/qi/NXNfGCjSLmwsNPd3RgGJBV1Ls2wBPUL:TuxyFO/j
Nd+CjS7sNlKGJBV1Ls2wB8
PEiD…: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp…: 0x4b095414 (Sun Nov 22 15:09:08 2009)
machinetype…: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x46d0 0x4800 5.35 012c9314f6d54657bb83f33d0e191eef
.text 0x6000 0xd29c 0xd400 6.45 d6b9e9c9daded3440087ca41f4a4625b
.rdata 0x14000 0x1818 0x1a00 5.01 24ab3126402f5ab459ad7c98e99b3004
.data 0x16000 0x120a24 0x11fe00 7.11 730b42cbd63afe09e6953a35916cfda8
.rsrc 0x137000 0x121a0 0x12200 7.72 de933d34a5eadd960152c6b1fe4d0393
( 10 imports )
> MSVCRT.dll: memset, sprintf, _strnicmp, strncmp, strncpy, _strdup, free, strlen, strcpy, log10, memcpy, fopen, fseek, fclose, strcat, longjmp, _setjmp3, ftell, malloc, fread, strcmp, exit, _iob, fprintf, getenv, sscanf
> KERNEL32.dll: GetModuleHandleA, HeapCreate, IsDebuggerPresent, GetTickCount, WriteProcessMemory, OpenProcess, VirtualAllocEx, CreateRemoteThread, WaitForSingleObject, GetExitCodeThread, VirtualFreeEx, CloseHandle, ReadProcessMemory, VirtualProtectEx, HeapDestroy, ExitProcess, GetModuleFileNameA, HeapFree, HeapAlloc, LoadLibraryA, GetProcAddress, FreeLibrary, Sleep, CreateThread, GetCurrentThreadId, GetCurrentProcessId, InitializeCriticalSection, GetCurrentProcess, DuplicateHandle, CreatePipe, GetStdHandle, CreateProcessA, EnterCriticalSection, LeaveCriticalSection, GlobalAlloc, GlobalFree, GetTempPathA, DeleteFileA, WriteFile, CreateFileA, GetFileSize, ReadFile, SetFilePointer, HeapReAlloc
> COMCTL32.dll: InitCommonControls, CreateStatusWindowA, InitCommonControlsEx
> USER32.dll: GetKeyboardState, GetAsyncKeyState, GetWindowRect, GetCursorPos, PtInRect, SetClassLongA, RedrawWindow, GetPropA, GetParent, GetClientRect, SendMessageA, InvalidateRect, CallWindowProcA, SetPropA, SetWindowLongA, DestroyWindow, BeginPaint, EndPaint, DefWindowProcA, LoadIconA, RegisterClassExA, CreateWindowExA, MessageBoxA, GetWindowThreadProcessId, IsWindowVisible, IsWindowEnabled, GetForegroundWindow, EnableWindow, EnumWindows, DestroyIcon, CreateIconFromResourceEx, CreateIconFromResource, GetIconInfo, ShowWindow, GetWindowLongA, ScreenToClient, SetWindowPos, UpdateWindow, ReleaseCapture, DrawStateA, SetCapture, GetSystemMetrics, RemovePropA, PostMessageA, GetWindow, SetActiveWindow, UnregisterClassA, DestroyAcceleratorTable, LoadCursorA, RegisterClassA, AdjustWindowRect, GetActiveWindow, CreateAcceleratorTableA, SetCursorPos, LoadImageA, SetCursor, MapWindowPoints, MoveWindow, SystemParametersInfoA, GetKeyState, PeekMessageA, MsgWaitForMultipleObjects, GetMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, FillRect, EnumChildWindows, DefFrameProcA, SetFocus, GetFocus, IsChild, GetClassNameA
> GDI32.dll: CreatePatternBrush, GetStockObject, GetObjectType, DeleteObject, CreateCompatibleDC, SetDIBits, DeleteDC, GetObjectA, CreateDCA, CreateCompatibleBitmap, CreateDIBSection
> ADVAPI32.dll: GetCurrentHwProfileA
> OLE32.dll: CoInitialize, RevokeDragDrop
> SHELL32.dll: ShellExecuteExA
> URLMON.dll: URLDownloadToFileA
> WININET.dll: InternetGetConnectedState
( 0 exports )
RDS…: NSRL Reference Data Set
sigcheck:
publisher…: CheatHappens
copyright…: n/a
product…: Left 4 Dead 2
description…: n/a
original name: n/a
internal name: n/a
file version.: 1.0002
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
pdfid.: -
trid…: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Probably not a false positive from the VT results.
You still have not given us the file name nor path.
Oops CharleyO, he did give the file name but indirectly as it is in the VT results, l4d2-AdmiralDeath.exe; though I find no info on that or very little even on AdmiralDeath.exe on Google searches.
Whilst there are a lot of detections most of them are generic detections which leaves some room for error. So I would send it to avast as suggested as a possible false positive.
You could also upload it to a more detailed on-line analysis tool, http://anubis.iseclab.org/?action=home and report the link to the results.
You are right, David, as I forgot to check the first line in the results and only looked at the detections.
Yes, but the lack of Google results for that name or the modified name certainly leaves more room for explanation as to what it is; if it were a popular program, then there would be many more hits on the search.
Also, looking at the user's forum name, AdmiralInman makes me think this might be something they created ???
So yet more room for input by AdmiralInman.
Hi,
I found this file in our DB, which is downloaded from wxw.cheathappens.com as some trainer. We will change the detection.
Milos