I use Cain & Abel on my system for intrusion detection and also to help stop DoS attacks from Oxid.it. Avast keeps telling me it’s a virus. I rescanned it with Trendmicro, AVG, Clamwin and it does not appear as a virus to those (except ClamWin) but with ClamWin I can create a whitelist to allow it. Or will I have to uninstall Avast and use something else? I use Avast for the ease of the VDB updating and the web protection.
Send it to virus (at) avast (dot) com in a password encrypted archive and write in the subject for the email “False Possitive”
Al968
Once you are sure it is a false positve, you can add it to the exclusion lists.
On demand, right click the “a” icon, select program settings, exclusions
On access, left click the “a” icon, select standard shield, customize button, advanced tab.
It seems like this program has popped up before, can’t remember if that user submitted a sample or not.
Welcome to the forum.
Setting the exclusion list didn’t help now it went from suspicious to malware by doing that. I have all of the files that it uses (i.e. ones that are considered “dangerous”) in the exclusion list as well as the associated DLLs but when I added them to the exclusion list, it told me the threat was higher. What are the steps for sending this in for a false positive. However Cain does use protocols that can actually be considered harmful because it can scan your SAM files for password recoveryas well as packet sniffing.
Adding to the exclusions shouldn’t change the type of detection and had you added the file to the correct exclusions it wouldn’t be scanned period.
So did you add it to both exclusions on-demand and on-access as oldman stated ?
If so can you post the exact text path you entered in the exclusion lists ?
What is the malware name, infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
That is the problem with tools that can be used for good or evil the AV doesn’t know intent. I have a folder on my system were I keep such tools and malware samples which I exclude from all scans, this is easier than adding individual files to exclusions lists. So if it is sent in as an FP rather than to change the malware suffix to [Tool] as there are a number of such classed as tools.
If you are getting a virus warning that you believe is a false positive or misclassification, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive or misclassification and include the password in the body of the email and a subject od Possible False Positive. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
If this is the same program http://forum.avast.com/index.php?topic=26012.15
The path ended up being
d:*\cain\cain.exe (subtitude your drive instead of d:)
Thank you, that worked better. I was forgetting to add the path as well as the file name. That seemed to work.
No problem and you are welcome.