There is a file that I know is not a virus but Avast Antivirus 2014 (free version) has marked it and moved it to the virus chest. When I go to the chest, right click the offending file and select “Restore and add to exclusions” the file goes back to its normal place. However, when the file is next run, Avast picks it up as a virus again and puts it back in the chest. I have clicked the submit as false positive link on the virus alert and filled in the form but the above cycle still repeats itself.
The file is minerd.exe labelled as Win32:Crypt-OSW [Trj]. It it used for bitcoin mining and has previously been included in a virus, but the minerd.exe program itself is fine. It is a known problem that avast marks it as a virus - I just can’t work out how to set up an exclusion.
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
I also assume that “When I go to the chest, right click the offending file and select [Restore and add to exclusions]” that the exclusion should be created, the file should be restored, and the program should then work.
“However, when the file is next run, Avast picks it up as a virus again and puts it back in the chest” so it did NOT work.
Why did it NOT work? Isn’t this the proper procedure to immediately get around the FP?
When you create the exclusion, where in the GUI can I see the exclusion (as there is no global exclusion anymore)?
Some thinks it is nothing, others think is a virus, but label it as a bit coin miner. I want to use the program for bit coin mining so that is okay. According to here: https://github.com/pooler/cpuminer/issues/13, it is a known problem that some virus checkers label it as a virus. I downloaded it from the official source.
Reporting the issues via the method you mention below seems to bring up the same GUI as False Positive so I believe I have already submitted this to Avast.
Taking things on balance I’m willing to take the risk of running this program. Back to the original question - If I restore minderd.exe and add it to the list of exceptions, why does Avast send it back to the virus chest as soon as I run it? Where can I see the list of exclusions?
To answer my own question and avast@advantage77.com, click on the “Antivirus” text on the left, scroll down until you see “Exclusions”. Under file paths you should see the exclusions you have made.
My exclusion has now appeared. Running the program from the command line seems to work without Avast removing the file.
Here is the response that I received when I could not right click the FP in the chest:
Dear J.R,
Normally it should exactly as you described, however this can mean that your FS can be corrupted. To better understand the issue, please send me a support package, so I can check your File-Shield log to see if any changes were made, when you were adding the file as an exception.
To generate the support package please follow these steps:
Start avast!
Help → Feedback->scroll to the GENERATE SUPPORT PACKAGE part
Tick BASIC INFORMATION, LOG FILES and MINI-DUMPS
Click the GENERATE NOW button
and send me the generated *.zip file as an attachment to this email.
We will try to find the reason and a therefore create an appropriate fix for this.