Lots of false positives the last 3 days

The following tools i use for remote administration and where falsely identified by avast home edition as infected:

XCMD.EXE
PSEXEC.EXE

I am not amused when my virusscanner starts deleting important tools which are completely legal and have been widely used by lots of people for years now.
If you guys recently have changed your policy regarding remote admin tools, please do tell me, because i will be definitely be changing to AVG if that is the case.

:frowning:

Please correct this A.S.A.P.

Ruud

I donā€™t see the deep reason to judge an antivirus for the complete absence of false positivesā€¦ You can go to AVG and you will lose avastā€¦ get less support, has a poor update method, etc.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ā€˜aā€™ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add buttonā€¦ You can use wildcards like * and ?. But be carefull, you should ā€˜excludeā€™ that many files that let your system in danger. After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

Can you send the samples to virus@avast.com ?
You can zip and password the filesā€¦ Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.

Thanks. Welcome to avast forums.

Another argument in favor of a ā€œPossibly Unwanted Programā€ detection category.

You donā€™t mention what the malware name is associated with the files ?

avast isnā€™t the only AV/anti-spyware to detect this, the problem being it is a tool which may possibly be used for good or evil.

Call it either a false positive or a mis-clasification.

psexec.exe is a launch tool from sysinternals used to launch processes on remote machines

AVG nor any other AV is immune to false positive detections. avast has on a number of other tools put the suffix [Tool] on the malware name to indicate that it is a tools, which if you installed it then it is likely to be OK, but if you didnā€™t install it then it could be malicious, the problem is avast canā€™t tell what the intention is.