I recently downloaded the file http://www.inmon.com/bin/sflowtool-3_26.zip . Checked it with the avast scan context menu - passed OK. Sent it to VirusTotal - passed OK. Unpacked the executable - avast immediately popped up a virus alert and deleted the file.
Could you check if it is really malware, and why it was undetected by manual scan?
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
avast doesn’t say it is a virus.
avast says it is suspicious.
I am more concerned about it not being detected while packed in the zip file.
BTW, Avast Web-shield prevents me from downloading this zip archive, but doesn’t show a pop-up with an alert.
If I get the file by other means (on a USB flash drive), Runtime file shield does not detect anything. Manual scan does not detect anything. Only when I try to extract the file from the archive does Runtime shield detect it, show an alert and remove the file to Quarantine.
“If I get file by other means (on the USB flash drive) Runtime file shield does not detect anything.”
Recommended USB protector, free MCShield http://www.mcshield.net/
used by this forum’s malware removal team to clean infected USB devices
What would you say if I download this file by SFTP? That is exactly how I got this file to my hard drive - downloaded by SFTP from a computer running Linux. There are too many ways to get a file to a hard drive, and using different kinds of “protectors” for all these ways is totally absurd.
I am not trying to disinfect my computer, because Avast eventually catches it. I am just wondering why it catches this so late? Because I’ve checked the settings of Runtime file shield and there is an option “scan archives” and it is turned on, but it seems not to be working.
“I am just wondering why it catches this so late?”
avast has many layers of protection and I guess this was detected by behavior
if it was detected as Win32:Evo-gen [Susp] = Suspicious, as Eddy already said
how evo-gen works https://blog.avast.com/2012/12/03/new-toy-research-lab/#more-11102