system
1
There is a file that I know is not a virus but Avast Antivirus 2014 (free version) has marked it and moved it to the virus chest. When I go to the chest, right click the offending file and select “Restore and add to exclusions” the file goes back to its normal place. However, when the file is next run, Avast picks it up as a virus again and puts it back in the chest. I have clicked the submit as false positive link on the virus alert and filled in the form but the above cycle still repeats itself.
The file is minerd.exe labelled as Win32:Crypt-OSW [Trj]. It is used for bitcoin mining and has previously been included in a virus, but the minerd.exe program itself is fine. It is a known problem that avast marks it as a virus - I just can’t work out how to set up an exclusion.
Does anyone know what is going wrong here?
Thanks.
Pondus
2
have you tested the files at www.virustotal.com / www.metascan-online.com / www.jotti.org
send file to avast lab for correction if you think this is wrong
You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21
avast3
3
I also assume that “When I go to the chest, right click the offending file and select [Restore and add to exclusions]” that the exclusion should be created, the file should be restored, and the program should then work.
“However, when the file is next run, Avast picks it up as a virus again and puts it back in the chest” so it did NOT work.
Why did it NOT work? Isn’t this the proper procedure to immediately get around the FP?
When you create the exclusion, where in the GUI can I see the exclusion (as there is no global exclusion anymore)?
What am I missing here?
system
4
Pondus,
Thanks for the reply. The results are:
Some think it is nothing, others think it is a virus, but label it as a bitcoin miner. I want to use the program for bitcoin mining so that is okay. According to here: https://github.com/pooler/cpuminer/issues/13, it is a known problem that some virus checkers label it as a virus. I downloaded it from the official source.
Reporting the issues via the method you mention below seems to bring up the same GUI as False Positive so I believe I have already submitted this to Avast.
Pondus
5
does not look clean to me
if this was clean… it should have been fixed by now and not have a 34/47 score at VT ???
First submission 2013-07-19 01:29:12 UTC ( 4 months ago )
however I see some class it as riskware / PUP
PUP = not virus / Possible Unwanted Program
system
6
Taking things on balance I’m willing to take the risk of running this program. Back to the original question - If I restore minerd.exe and add it to the list of exceptions, why does Avast send it back to the virus chest as soon as I run it? Where can I see the list of exclusions?
system
7
To answer my own question and avast@advantage77.com, click on the “Antivirus” text on the left, scroll down until you see “Exclusions”. Under file paths you should see the exclusions you have made.
My exclusion has now appeared. Running the program from the command line seems to work without Avast removing the file.
avast3
8
Here is the response that I received when I could not right click the FP in the chest:
Dear J.R,
Normally it should work exactly as you described, however this can mean that your FS can be corrupted. To better understand the issue, please send me a support package, so I can check your File-Shield log to see if any changes were made, when you were adding the file as an exception.
To generate the support package please follow these steps:
- Start avast!
- Help → Feedback → scroll to the GENERATE SUPPORT PACKAGE part
- Tick BASIC INFORMATION, LOG FILES and MINI-DUMPS
- Click the GENERATE NOW button
and send me the generated *.zip file as an attachment to this email.
We will try to find the reason and therefore create an appropriate fix for this.
Thank you!