If the file is detected by any other antivirus too (like Kaspersky), then it's most probably not a false positive. Treat it with caution.
False positive files are usually detected as: Win32:Trojan-Gen
(this usually happens because of generic detection)
If the scan still shows that only avast! detects the file, then it could be a virus detected only by avast!. If you think that it’s still a false positive, then follow the next step:
Pack the “infected” file into a ZIP archive and lock it with the password “virus” (without quotes) and attach it to an e-mail.
Write the same password inside mail body, so Alwil virus analysts will know the password right away without guessing.
You can also add web address to that file (or webpage of the file/program) if it’s on the internet.
Add your own note on why you think that it’s a false positive. Every info helps Alwil staff. Send the mail to: virus@avast.com
You’ll probably get a reply mail about file info (if it was really a false positive) after some time.
If not, check the file with Explorer extension when new VPS is released.
This way you’ll know if the false positive was fixed.
Until then, you can add the “false positive” file into exclusions:
Left click on “a” ball next to the clock and select Standard Shield.
Click Customize… and select Advanced tab.
Now just enter full path (path plus filename with extension) into the line and press [Enter] on keyboard.
This will exclude the file from scan, so you can use it until the false positive is resolved. Do this with caution or if you’re 100% sure that the alert was a false positive for that file.
Alwil staff deals with false positives very fast, so they are usually fixed on next VPS update, or even immediately if the false positive is found in any widely used program.
Try to address false positives directly to Alwil virus submission mail and not here on forums. This way the false positive is solved faster.
Exclusions continued:
You will also need to add this to the avast! Program Settings, Exclusions section so on-demand scans don’t pick it up either. Right click the avast icon, select Program Settings, Exclusions, Add and type the path to the file to be excluded. You can use the * wildcard to shorten the path, e.g. C:*\foldername\filename, etc.
There is another aspect to FP’s that we have to consider. Did you put it there yourself?
If you put wget on your computer yourself, with or without the gui, this could be flagged as malware (riskware), but it is normal software, that you can even use to safely analyze webpages. If it was put there without you knowing this, it could be used as a hacking tool or to upload malicious content onto your machine.
As in the real world: you can use a hammer to build something nice, or to clubber someone over the head. FP’s can be FP’s or not, just from this point of view as well.
If in doubt, ask our forum or investigate using Google.
With riskware the lines become a bit shady and grey. Some even flag animations as virus, because people could think it was real and get a heart attack from it.
So an alert, your harddisk is now being deleted, 1…2…3. While others would say, it is a joke. This is called Jokeware, and sometimes clearly a FP.
We can’t second guess the reason why a person thinks it is a false positive, especially in the case of a tool that can be used for evil as well as good; avast can’t determine intent. avast isn’t in the business of waiting to see if you will use the hammer for good or evil, it might be too late then.
Not too long ago the UK police shot dead a man who had a wooden table leg in a bag, someone thought it was the butt of a shotgun sticking out of the bag and phoned the police. Fear that if you wait too long you might be killed was I believe a huge factor in their opening fire and a court cleared them of blame.
That is after all why they are reporting the FP and they usually give their reason for thinking it a FP. If they indeed installed the file/program, etc. that is why we give the option to exclude it, but you have to investigate it first and that is true of all possibly false positives, otherwise why would the user think it a false positive.
It is also worth considering should also investigate ALL detections to ensure that it was indeed correct, I would but then that’s just me ;D
You can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
This is more or less about files giving false positives… What about websites?
I have a site I am trying to view, I am in contact with the owner and builder and he assures me it is safe, and several other people whom I am in contact with have gone there and no one has had issue with their AV except me. The owner also says he runs Avast and it doesn’t give him a warning when trying to view the same page.
Page I am trying to look at: http://www.johndorrill.com/ls/index.htm
Thanks
Well this should really be in a topic of its own as this one is for reference e.g. how to report false positives.
However, in the case of an alert on a web site where you have no file to send, you send the email without an attachment, but including the suspect URL and all the other details previously mentioned.
There would appear to be more to this as I can’t get to the page to check it nor can any of the scanners I use to check.
Error
Can’t fetch file pointed by your url. This may be caused by several reasons:
* Remote file is not available (not found, requires authentication, permission denied)
* Remote site is down, or very slow, or busy
* No network connectivity between Dr.Web online server and remote web-site
* File too big
So please take this to a topic of its own in the Viruses and worms forum and we will try to help.
I bought a game from the steam store yesterday called “Fate of the World” and I have been unable to play, the reason apparently being a false positive type of situation with my avast anti virus the free version.
Is this report enough? Here is the log of the error I received, I don’t know if you’ll be in need of it or not but still…
Fate of the World 1.0.8
uncaught exception (std::runtime_error)
SHGetFolderPathAndSubDirA failed
Essentially there is nothing we can do based on the information that you have provided, which is why we suggest you confirm the detection at virustotal.
If then it is considered a false positive then the ‘physical samples’ need to be sent to avast for analysts.
Given what you are saying, it doesn’t appear that avast is even alerting?
So not really a false positive, so posting in this very old tutorial topic on how to check/treat what you might consider a false positive is very misleading.
It is a rar file containing some files, including an exe file (the game trainer executable).
When the Avast shields were on, the file download always gets interrupted at around 99%.
I was using Chrome. Thinking that it was a browser bug, I tried to download using IE9 and Firefox 5. Same problem.
Trusting my astute gut instincts, I disabled the Avast shields for 10 mins, and lo and behold, the download completed successfully. The contents of the rar file were also extracted successfully. Of course, scanning that exe file with Avast produces the ‘threat detected’ message.
Please communicate to your developers to thoroughly test and whitelist such non-malicious files in future versions of Avast. For starters, go to http://www.gamecopyworld.com/ - there’s plenty of material there for you to test out.