I’ve been using this utility for some time now (2 years?) and the latest Avast update tells me it is infected with Win32:Trojan-gen. {other}.
This is so handy a utility and I can’t use it anymore, so I have a choice, chuck it or chuck Avast. I’d rather keep both. I have both on many PCs and laptops and the problem is on all of them since the latest Avast update.
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.
As a workaround, add it to the Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.
Adding it to Exclusions in Avast Home Ed doesn’t exclude the online scanner which still sees it and stops access.
I’ll send it zipped with password avast
From JOTTI:
File: shutdown.exe
Status: INFECTED/MALWARE
MD5: fd4c61520f5a2f439395b4461b7e5f64
Packers detected: ASPACK
Scanner results:
AntiVir: Found SecurityPrivacyRisk/Reboot.A riskware
ArcaVir: Found nothing
Avast: Found Win32:Trojan-gen. {Other}
AVG Antivirus: Found nothing
BitDefender: Found Application.Reboot
ClamAV: Found nothing
Dr.Web: Found Tool.Reboot
F-Prot Antivirus: Found nothing
Fortinet: Found HackerTool/RebootAd
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
From virustotal:
Complete scanning result of “shutdown.exe”, received in VirusTotal at 07.25.2006, 06:52:45 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.24 07.24.2006 no virus found
Authentium 4.93.8 07.24.2006 no virus found
Avast 4.7.844.0 07.24.2006 Win32:Trojan-gen. {Other}
AVG 386 07.24.2006 no virus found
BitDefender 7.2 07.25.2006 Application.Reboot
CAT-QuickHeal 8.00 07.22.2006 no virus found
ClamAV devel-20060426 07.25.2006 no virus found
DrWeb 4.33 07.24.2006 no virus found
eTrust-InoculateIT 23.72.77 07.25.2006 no virus found
eTrust-Vet 12.6.2306 07.24.2006 no virus found
Ewido 4.0 07.24.2006 no virus found
Fortinet 2.77.0.0 07.25.2006 HackerTool/RebootAd
F-Prot 3.16f 07.24.2006 no virus found
F-Prot4 4.2.1.29 07.24.2006 no virus found
Ikarus 0.2.65.0 07.24.2006 no virus found
Kaspersky 4.0.2.24 07.25.2006 no virus found
McAfee 4813 07.24.2006 potentially unwanted program Reboot-AD
Microsoft 1.1508 07.25.2006 no virus found
NOD32v2 1.1677 07.24.2006 no virus found
Norman 5.90.23 07.24.2006 no virus found
Panda 9.0.0.4 07.24.2006 HackTool/Shutdown.A
Sophos 4.07.0 07.25.2006 no virus found
Symantec 8.0 07.25.2006 no virus found
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.24.2006 no virus found
VBA32 3.11.0 07.25.2006 no virus found
VirusBuster 4.3.7:9 07.24.2006 no virus found
Check if you’ve written the name and the path correctly.
You should use both long and short (8+3) path names.
Did you boot after adding that to the Exclusion lists?
Did you add at both or only the first one?
This tool can be used for good or evil so it is difficult for an AV to determine its use. If you know why you have it (it didn’t suddenly appear on your system without your downloading it, etc.), and are happy then do as Tech suggests and add it to the exclusions.
As some other AVs determine it as riskware since they too don’t know the intention/purpose/use the file might be put to.
You need to add it to the Standard Shield exclusions also (as Tech said) and not just the Program Settings, Exclusions which covers the on-demand scans. If you did add it to both locations then check the path given, spelling, etc. You can use wildcards to avoid lengthy paths, e.g. C:*\shutdown.exe
All I can suggest is that you post what it is that you are putting into the Program Settings, Exclusions and into the Standard Shield, Advanced, Add, window so that we might check it.
Try using the * wildcard option so you don’t need to worry about 8.3 naming. There can be a problem if the total length of the path is over a certain size, so if it is deep in a sub, sub folder use wildcards.
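An added example, not part of any post in this thread: a small Python audit that lists which files a wildcard exclusion such as the C:*\shutdown.exe pattern suggested above would also cover. The file inventory is constructed, and the matching rules (case-insensitive, * spanning backslashes) are an assumption, not Avast's documented behaviour.

```python
from fnmatch import fnmatchcase

# Constructed inventory for a hypothetical machine (not taken from the thread).
INVENTORY = [
    r"C:\Tools\shutdown.exe",                         # the copy the user trusts
    r"C:\Users\bob\AppData\Local\Temp\shutdown.exe",  # same name, unknown origin
    r"C:\Windows\System32\shutdown.exe",
    r"C:\Tools\shutdown.exe.bak",
    r"D:\Downloads\shutdown.exe",
]


def excluded(pattern, paths):
    """Paths an exclusion pattern would cover.

    Assumed semantics: case-insensitive, '*' matches any run of characters
    (including backslashes), '?' matches exactly one character.
    """
    pat = pattern.lower()
    return [p for p in paths if fnmatchcase(p.lower(), pat)]


def unintended(pattern, intended, paths):
    """Paths covered by the pattern that the user never meant to exclude."""
    wanted = {i.lower() for i in intended}
    return [p for p in excluded(pattern, paths) if p.lower() not in wanted]


def audit(patterns, intended, paths):
    """Map each candidate exclusion to the extra files it would hide from scans."""
    return {pat: unintended(pat, intended, paths) for pat in patterns}


if __name__ == "__main__":
    candidates = [
        r"C:\Tools\shutdown.exe",  # exact path
        r"C:*\shutdown.exe",       # pattern as written in the thread
        r"*\shutdown.exe",         # broader still
    ]
    report = audit(candidates, [r"C:\Tools\shutdown.exe"], INVENTORY)
    for pat, extra in report.items():
        print(f"{pat!r}: {len(extra)} unintended file(s)")
        for path in extra:
            print("   ", path)
```

Under these assumptions the exact path covers only the trusted copy, while each wildcard form also covers same-named files in other folders.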
Generally not… there is not an automatic answer and they receive a lot of samples for analysis.
The policy is to make the correction rather than ‘answer’ each email… 8)
Thank you for your help. Avast is a great product and I tell as many as I can about it, hopefully some commercial contacts pick it up and buy it for their businesses.