Avast is detecting P2KCommander.exe as malware. I have used this program for years and know it isn’t. Is there a way I can tell the on access scanner to ignore this program and let me open it or do I have to disable it every time I want to use it? Any chance this problem could be fixed?
you can test the file at www.virustotal.com scanning it with 43 malware scanners
when you have the result, copy the url in the address bar and post it here
I am not sure this is a FP; http://www.prevx.com/filenames/X3458935534094064683-X1/P2KCOMMANDER.EXE.html
Regards,
Tenko
http://cenafort.t35.com/p2kcommander-download.html put this as unsafe website. Thanks
could you give me the exe file madmatt2024. Thanks
Sorry for the delay. How do you want me to send it to you?
Here is the result from virustotal.com
http://www.virustotal.com/file-scan/reanalysis.html?id=21b79dd62d7dff12a4d24eac236b55b3da40b973320f537f6addbc1a0e7e3ce8-1290965457
Sorry, but this is a support forum and not a quasi malware distribution service, samples should only be sent to avast and not disseminated to forum users; or hosted on file shares as you have zero control over who can get it and what they might do with it…
you may have downloaded a fake version
sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
Here is another version, a bit smaller but it does have some info in the sigcheck…still detected by some “unknown” AV and i think FP
sigcheck:
publisher…:
copyright…:
product…: P2kcommander Install Program
description…:
original name:
internal name:
file version.: 2, 0, 0, 29
comments…:
signers…: -
signing date.: -
verified…: Unsigned
Aren’t we supporting him by helping/providing with important information? And if this isn’t
a quasi malware distribution servicethen I would suggest that avast makes one in this forum, where people can ask for support concerning FP and any a like! (sorry if I sound impolite).
And you could also make malware hunting/researching forums where people can send malware/possible malware.
Regards,
Tenko
Norman analysis say: CLEAN detection (W32/Suspicious_Gen.GTYI) will be Excluded
Malwarebytes have not added detection for it
Avira
25965828 P2kCommander.exe 522.98 KB CLEAN 25965858 P2kCommander(1).exe 74 KB MALWAREThe file ‘P2kCommander(1).exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/Runner.AB.
The term “TR/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.
Detection will be added to our virus definition file (VDF) with one of the next updates.
Sophos
SophosLabs has analyzed the submitted file(s) and have determined it is a false positive detection.P2kCommander(1).exe – identity created/updated
Sample sendt avast!
How is his sending you the sample helping him, all samples should go directly to avast for analysis and not contribute to someone’s personal connection of malware samples.
How can you help, by giving the procedure of submission of samples to avast and virustotal, etc.
That is exactly what I mean regardless of an official/quasi location malware samples which are in a location that can be assessed by all, is just as likely to be misused as you have no control over who gets it nor what they may do with it.
We have in the past had cases of people posting code examples (not images of the code example), which cause avast to alert on the topic, so it kind of defeats the purpose, if samples were attached the web shield may well alert. We have also seen this in no end of other forums, where avast users have visited that forum only for avast to alert and that was exactly why, code samples and attachments being detected by the web shield.
There are many ways to deal with FPs and submission to avast is the quickest method, if you use a sub-forum you would have to have someone dedicated to monitoring it and that really is a wast of resources, when direct submission is dealt with very quickly when an FP is acknowledged.
Simple fact the best way to help ‘all’ avast users is to send samples direct to avast (who have the resources and tools) for analysis.
Hey DavidR
I hope I didn’t sound unfriendly in my previous post (I didn’t mean to)
At comodo’s forums we have a forum where people can send possible malware and there is no problem and everything is under control (as far as I know). I am a malware hunter and I have found some malware (to more exact rouge (fake av)) and I have reported them and everything goes good.
It doesn’t help anyone if they have installed a malware but by sharing it will prevent others from downloading and installing the malware.
My best advice is of coruse to send the malware sample to avast’s labs(in this case) and to google info about the exe that is downloaded.
I ask people show the exe file so that I can see look abit futher; as long as I don’t run it I have no worries.
Regards,
Tenko
No I didn’t feel that.
These forums we are basically trying to keep clear of malware, samples or otherwise. By having them in the forums (aside from what I have mentioned before) is essentially adding another step to getting it resolved, rather than sending samples direct to avast.
Analysis result(s) updated in my post above…
Thanks guys. Now it works and Avast isn’t throwing a fit.
Ok so that means 4-1 against Avira analysis…hmmmmm!!!