Problem after today's update

I have been running Avast home edition for years and been most grateful for it.
Today it has updated itself as usual, but is suddenly seeing my Big Fish Games manager and the games installed this month as infected. Each time I click to play a game the alarm goes off and I get the message that they are infected with Win32:Inject-BS [Trj] virus. I have now trie d 8 games and cannot play any of them.
With the new Installer used by Big Fish, games are placed in my Program Files Directory, rather than in my Games one. How do I bypass the Big Fish Manager and all my games, which this morning were all accessible and are now seen as a threat by Avast. I do not want to disable Avast nor to uninstall it.
Thanks
JoyB

Just letting you know that the same thing has happened to me. I only have one game installed at the moment, Chocolatier, but I really like it and would also like to know how to get around this problem.

/Lizzan

I cannot even open any of the game files concerned in Program files, never mind open Big Fish Games Manager , or play the games. Older ones are not affected, but Gemsweeper, Hidden expedition Everest, Big City Adventure, Magicians Handbook and several others are inaccessible.
Glad I am not the only one affected by this update problem!!

Going into settings and putting their game folders into exclusion makes no difference and I do not want to exclude the whole Program Files, that seems too risky.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

It says that there is “sign of Win32:Inject-BS[Trj] has been found in” - in the .exe file of all of my newer Big Fish Games.
The siren is going off even now as I am trying to download their latest game. I can hardly exclude it, before it has been downloaded or installed! I will try VirusTotal next, thanks for suggestion. Will look at False Positives after that.
I have put the .exe files on the exclusion list, rather than the whole folders, so will try and open one now.
Thanks for your help.

As the .exe files are more than 10mb in size I cannot send them to virustotal - they reject files over that size.
Jotti reports that only avast finds anything wrong.

I’m not sure but maybe you can test the download file with Dr.Web Online.

I does look like it is an FP so take action to send the sample to avast and exclude the file from scanning, see my previous post.

Do I just send one of the games up to Avast - there are about 8 affected by this. Only thing is, I have no program that can pack these into a zip to send. these alarms are driving me loco. They are sounding off as soon as I open up Explorer and Program files.
I think I have had enough with it and as for hand typing details of every one for the exclusion, it will take me forever. There are so many involved.

Thanks anyway for your help. Tomorrow is another day - I will probably just change to another virus protection program.
JoyB

Use the good and free IZArc: www.izarc.org

You can use wildcards * to make it easy.

If you think so…

Since the 8 effected have the same malware name (correct ?) then sending one of the smaller ones. Hopefully it is something in the file that is replicated in the others.

But you should record the file names, the locations and the malware name of the detections in this Topic. In the body of the email include a short explanation as previously mentioned and include the URL for this topic, so the might refer to the other files detected.

If one of the files is in the avast chest you can send it from there (right click on the file and select email to Alwil Software), no need to zip and password protect. Don’t change any of the default settings, just add the possible false positive and URL to the topic and if rum a brief outline.

:smiley:
Thank you to all who replied. Today’s update has resolved the situation. All is back to normal with no alarms at all. I am so glad.
JoyB

And I now know what to do if it ever happens again!!

No problem, glad we could help and you learned something too, a good result.

Welcome to the forums.
Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.

When you search for an antivirus, don’t forget to consider the support time response 8)