Avast with the latest vps(000708-0) is showing leaktest.exe from grc.com to be Trojan.
This is just a heads up to everyone as I’ve already sent it to avast as a false positive.
Ditto.
The same happened to me and I moved it to the chest; so what now? I was planning to delete the file.
Do I have to go back to grc.com to download Leaktest again? Megaman
Hey megaman, you can restore the file from the chest, but you might want to wait until Avast gives us a new vps that deals with this false positive.
You could do as marc57 suggests or add it the on access exclusion until it doesn’t test positive any more.
Left click the “a” icon, click on the standard shield, customize button, advanced tab. Use the browse button to add it.
You can then test the copy in the chest(a copy will remain after you restore it). When it’s clean remove it from the chest and exclution. Note until avast includes it, it will show as infected if you do a on demand scan, uunless you also exclude it there.
You can do this with any file that avast detects, just be sure to submit it virustotal http://www.virustotal.com/xhtml/index_en.html to confirm it is in fact clean. Do not assume any file is clean.
Any Leak Test is trying to circumvent your firewall so might well be detected, if you know it is a leak test file no problem, exclude it. I have a folder that I place my exclusions in, e.g. (D:\zz-avast-exclude*) so I don’t continually have to add a new path to them, so if one of my tools of leak test samples, etc. is suddenly detected I send it to my exclusions folder.
Personally I don’t feel it wrong to detect leak tests, it draws it to your attention, but I feel the malware name should reflect what it is and in this case “Win32:Trojan-gen” a generic detection doesn’t do that.
Update: This has been fixed with the latest vps (000708-1).
Wow, that is probably one of the fastest VPS correction I have seen on the forums.
Well, you might have noticed that the previous VPS update was rather huge (something like 450kB) - a lot of Trojan-gen detections etc.
So, the virus guys were expecting some false positives and waiting for them to fix.
If, however, the leaktest.exe was the only one… then it was a surprisingly successful update, considering the number of detections added.
Yes I did notice it was quite a large update, I too suspected we might see a few.