msmoney.exe false report

Today avast reported my microsoft money 98 program (msmoney.exe) as a virus…I had to exclude it from my scans…this is the second false posative in 1 month (sfloppy.sys earlier this month)…is this common with this program…I used avg and avira before with no false reports…I really like the boot scan option and want to keep using this, but do these people know what they are doing?

What was the malware name given on the detection ?

Anything that you consider a false positive, shouldn’t just be ignored (avira speak) or excluded from scans (avast), that is shooting the messenger rather than treating the problem.

Confirm by examination (virustotal) that it is indeed an FP, if so send the sample for analysis and correction of the detection signature plus inclusion in a signature update. This helps all avast users.

You could also check the offending/suspect file at: [url=http://www.virustotal.com/][b]VirusTotal - Multi engine on-line virus scanner[/b][/url] and [b]report the findings here, post the URL in the Address bar of the VT results page[/b]. You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select '[b]Extract[/b]' it to a temporary (not original) location first, see below.

Create a folder called [b]Suspect[/b] in the [b]C:\[/b] drive. Now exclude that folder in the [b]File System Shield, Expert Settings, Exclusions, Add[/b], type (or copy and paste) [b]C:\Suspect\*[/b] 
That will stop the File System Shield scanning any file you put in that folder.

####
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.

@@@@
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below): 
[b]File System Shield, Expert Settings, Exclusions, Add[/b] and 
[b]avast Settings, Exclusions[/b] 

Restore it to its original location, [b]periodically check it (scan it in the chest)[/b], there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.

I really think a non-system fp is better than a false negative due to lack of proactiveness.

Thanks for all the information david…I learned a lot from your post. I sent the the file to vt scanner and it came back virus free (I think)…her is the URL

http://www.virustotal.com/file-scan/report.html?id=088b858d175a93893023467a1639a32fd0e99a5d9ecfde1c1f00bc4055d918db-1325295904

It was reported as Win32:MalOb-IJ[cryp]

After I restored the file to it’s original location I did a file scan and folder scan with avast and it reported no virus

I also rescanned it in the chest and it indicated no virus…

Between the time the file was put in the chest and the time I rescanned it, avast was updated so I suspect the new update resolved the problem…

this is quite frustrating…

Historically, Avast! is really low on FP’s. You would be hard pressed to find anything to the contrary. 2 in one month is way over the typical amount for a user, 2 in one year would be closer to the average (if that). So you have had a run of bad luck, but this is not standard.

You’re welcome.

For a popular program/file like that the chances are that someone will have already reported it and submitted the file, but I always suggest submission to ensure it gets resolved.

Whilst FPs as infrequent as they may be are a pain, which is why sending to the chest the default action (rather than deletion) is important as you at least have other options (analysis, report, restore, etc.).

The sfloppy.sys FP was somewhat different as that was an anti-rootkit scan on a file (XP systems) that was hidden and unsigned driver. Had you scanned that file in a routine scan nothing would have been detected (as seen in the various topics at the time) and again bolsters the ‘first do no harm’ policy don’t delete as a first option you have none left, check.

The other major thing is that when reported and acknowledged, avast is quick to correct such FPs.

Just wanting to weigh in and update this thread…several years later and occasionally AVAST! is still throwing false positives when msmoney.exe executes. And, the steps in the initial log are no longer valid, since the user interface (portal) has dramatically changed.

The problem lies in the fact that – despite “no threat found”, AVAST! has taken so long to scan the .exe file that MSMoney has terminated.

Can’t bring up MSMoney because AVAST! is scanning (despite being on the anti-virus exclude list), so I can’t use this program.

This has been a problem off and on over the years, and most recently it’s re-appeared. Someone forgot to do regression testing with their latest fixes!

I finally was able to exclude MSMoney via Settings > File System Shield Settings > Exclusions > Add.

You can report a possible FP here: http://www.avast.com/contact-form.php