Sign of "Win32:Malware-gen" AVAST 4.8

Hello,

Lately I get a lot of FPs (to my knowledge) with the latest virus DB update!!

Many warnings are about applications I have used for years!!!

The files I get warned about are:

1)
SYSTEM 1532 Sign of “Win32:Malware-gen” has been found in “C:\Program Files (x86)\Registry Clean Expert\UnFD.exe” file.

2)
SYSTEM 1532 Sign of “Win32:Malware-gen” has been found in “C:\Program Files (x86)\DVD-RB PRO\Reg-RB.exe[Embedded_O#0ec00][ASPack]” file.

I have sent several FP reports to avast HQ about it!
For now I have excluded those files for the time being to prevent those warnings from popping up all the time!

I have run it through total virus and it came up with 8 hits for warning 1) ??? and only 4 hits for warning 2) !!

Can someone confirm that the files in question are indeed FPs!?

Also, I noticed avast almost NEVER repairs the “so-called” infected files!? What’s up with that?

regards,
michel

Can you post the link to the VirusTotal result ?

Also, I noticed avast almost NEVER repairs the "so-called" infected files!? What's up with that?
Not all files can be repaired/cleaned.

http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Here’s the total virus link about warning 2:

http://www.virustotal.com/analisis/1e3760d51f5936bec716bcf1f246c3324e57eb38d44eb542e51178b98095c19d-1264971699

Why do you need to see this, I wonder?

Oh, and one other thing. I noticed avast home did a “scheduled” scan or something when my computer was in an idle state!?

How do I manage auto schedules for avast, if there are any?

I’d rather not have apps/utils doing stuff automatically without my approval first!?

kind regards,
michel,

Interestingly in the VT results you posted avast doesn’t detect it, so it may well have been confirmed as an FP and corrected. Ensure you have the latest virus signatures and scan the file again.

As to why post the VT results - It confirms the detection one way or another (before exclusion) and if only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP. However, there are multiple detections although most of those are generic or heuristic.
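
An added example, not part of the thread and not avast's or VirusTotal's code: the triage reasoning in the reply above (count avast and GData as one detection, note which hits are generic or heuristic) written as a small Python function. The scanner names other than avast and GData, the sample results, the name markers and the verdict wording are constructed assumptions.

```python
import re

# From the reply above: GData uses avast as one of its two scanners, so a
# GData hit with avast's detection name is not an independent detection.
SHARED_ENGINE = {"GData": "avast"}

# Assumed markers of generic/heuristic signature names (illustrative only).
GENERIC_RE = re.compile(r"-gen\b|generic|heur|suspicious", re.IGNORECASE)


def independent_hits(results):
    """Collapse scanners that share an engine; return {scanner: name}."""
    hits = {s: n for s, n in results.items() if n}
    groups = {}
    for scanner, name in hits.items():
        parent = SHARED_ENGINE.get(scanner)
        # Fold into the parent only when both report the same name.
        key = parent if parent and hits.get(parent) == name else scanner
        groups.setdefault(key, name)
    return groups


def triage(results):
    """results maps scanner -> detection name, or None when nothing was found."""
    groups = independent_hits(results)
    generic = sorted(s for s, n in groups.items() if GENERIC_RE.search(n))
    specific = sorted(s for s in groups if s not in generic)
    if not groups:
        verdict = "no detections"
    elif specific:
        verdict = "specific detection present: do not assume FP"
    elif len(groups) == 1:
        verdict = "almost certainly an FP"
    else:
        verdict = "generic/heuristic only: submit the sample for analysis"
    return {"independent": len(groups), "generic": generic,
            "specific": specific, "verdict": verdict}


# Constructed sample results; VendorX/VendorY/VendorZ are made-up scanner names.
ONLY_AVAST_AND_GDATA = {"avast": "Win32:Malware-gen", "GData": "Win32:Malware-gen",
                        "VendorX": None, "VendorY": None}
SEVERAL_GENERIC = {"avast": "Win32:Malware-gen", "GData": "Win32:Malware-gen",
                   "VendorX": "Heur.Packed.Unknown", "VendorY": "Generic.Suspicious.1",
                   "VendorZ": None}

if __name__ == "__main__":
    for label, sample in (("A", ONLY_AVAST_AND_GDATA), ("B", SEVERAL_GENERIC)):
        print(label, triage(sample))
```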

Why do you need to see this, I wonder?
DavidR has already explained it, and we sometimes find info on the detection on the other virus vendors’ websites to find out if it is an FP or not.
Oh, and one other thing. I noticed avast home did a "scheduled" scan or something when my computer was in an idle state!?
Which avast do you have: 4.8 or 5.0 free / pro?

Hi,

Why on earth does avast still alert me after I have excluded the file from any future scans!!???

It’s about warning 1) (“UnFD.exe” file / SYSTEM 1476 Sign of “Win32:Malware-gen” has been found in “C:\Program Files (x86)\Registry Clean Expert\UnFD.exe” file.),

This is a VT link for the file in question:
http://www.virustotal.com/analisis/6a85a027241a18f721aad8573fc1b5dae84cf731d60431b59329b7a2d581821c-1265067552

My current AV is Avast 4.8 home build 1368!

michel,

If it is still detecting it then you haven’t excluded it, either you haven’t placed it in the right place (two exclusion lists) or what you entered in the exclusions is incorrect.
So unless your exclusion matches this:
C:\Program Files (x86)\Registry Clean Expert\UnFD.exe and C:\Program Files (x86)\DVD-RB PRO\Reg-RB.exe it would fail.

You also don’t say what scan detected it, on-access or on-demand (you initiated the scan) ?

With 8 detections on VT it isn’t what I would say a 100% FP, although most are heuristic or generic detections, it should be sent to avast for analysis, again if you already have.

First of all, I didn’t initiate any scan at all!? When my computer is in an idle state (no work state at all) for a period of time, avast pops up the infamous window alerting me that the “unFd.exe” file is infected!? It doesn’t mention which type of scan picked up the detection (how can I tell anyway)!!!

I have browsed for the right path to exclude: C:\Program Files (x86)\Registry Clean Expert\UnFD.exe by going to program settings > exclusions, of course!!

I have now excluded the whole directory and subdirs: C:\Program Files (x86)\Registry Clean Expert

Either way, when I do initiate a scan on those suspicious files avast doesn’t alert me anymore, which means I have indeed excluded those files!??

Yet, when I leave my computer alone = idle state… Avast suddenly pops up with that alert again!?

That’s one method to exclude “files” in avast home! Since you wrote about 2 method lists, what’s the second exclusion method I can try to exclude files, not URLs?!?

regards,

michel,

Maybe I can always try out the Avast Home 5 series :-\ and uninstall everything about avast 4.xx and start all over!?

Lately I get a lot of alerts about files I have stored away safely for years!!?? Those files can’t possibly be infected after all those years and after the numerous clean scans I have made in the past, can they!??

Furthermore my computer never showed any signs of corruption because of those files over that period of time :-\ !!

Michel,

First, I was asking an either/or question: either it was detected on an on-demand scan (which you have got to initiate) or an on-access scan (since you didn’t initiate the scan, this would be it). So I didn’t say you scanned it, but was trying to ascertain which type of scan it was, which we now have (resident on-access scan).

Now something accessed that file, causing it to be scanned by the Standard Shield (on-access scanner).

So your exclusion failed because you didn’t place the exclusion in the Standard Shield’s exclusions:
Standard Shield, Customize, Advanced, Add. It isn’t advised to exclude complete folders (and that also failed) as it leaves a hole in your security; exclude the full path to the file.

Yes you could try avast 5, but I doubt that would make any difference to the detection as essentially it uses the same virus signatures. However, version 5 is now officially released, but I don’t know if your language version is available yet.

David,

Now I understand what you actually meant by “which type of scan” avast warned me about!

It’s safe to say it all started with “on-access scan” alerts then!

And yes, I also did an “on-demand scan” to see if I had excluded the file or not! And since the on-demand scan didn’t pick up the file, I assumed I had indeed excluded the file, you see!

Now I have installed Avast 5 home (nothing excluded = the unfd.exe file is back in the system dir), and I am trying to figure out why it doesn’t pick up any threat when I do a scan through Windows Explorer but does alert me again when I do a “folder scan”!!??

The setting in avast for “scan from windows explorer” is at default = thorough!!??

Is avast 5 broken in any way under Windows 7 x64 when doing scans from Windows Explorer!?

Also, is the standard shield in avast 5 replaced by the ‘File System shield’ = “on-access scanner”!?

many thanks,

michel,

You’re welcome.

Though I’m at a loss as to why it isn’t picked up on a right click scan as that scans all files in the area selected in explorer and is meant to be the most thorough scan including all unpackers. Yet the folder scan does pick it up.

As far as I’m aware win7 x64 should act in the same way, but I don’t use win7 so I can’t test it. For me on XP Pro the right click (context) scan works as it should.

The only difference that I see in the folder scan to the right click scan is that in the Sensitivity section of the Expert Settings, it uses heuristics and code emulation (where I don’t believe that is available in the right click scan). So given that this is a malware-gen (-gen usually indicates generic detection signature) and in avast 5 this area is stronger than in 4.8, so I don’t know if that may be the case here.

That may also be why avast 4.8 isn’t detecting it in the VT results you posted.

Send the sample to avast as a False Positive for further investigation:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form (a link to this topic might help) and submit, the file will be uploaded during the next update.

david,

The explorer scan feature works with heuristic scan and code emulation if you choose to use that though, just like the folder scan in avast 5 does!

But somehow I didn’t even get a final scan analysis report when doing an explorer scan!!

I could just read in explorer that avast 5 was doing a scan on those directories & files, and that’s about it! Nothing more!

Today is a different story. I think avast HQ has fixed both problems ;). The file in question must have been an FP, as the file doesn’t seem to be any threat anymore ::). And b) when doing an explorer scan I get notified about the scan results now, which didn’t happen before!

Thank you for the support,

michel,

But somehow I didn't even get a final scan analysis report when doing an explorer scan!!
I think that in the default settings there is only a report if infected.

That’s just it, pondus! Now all of a sudden I do get notified regardless of what the results are, which I like very much. That said, I haven’t changed any setting in avast 5 before or after! I used the default settings in avast 5! Before, I didn’t get notified whatsoever! It just told me it scanned the files and that’s it!?

I couldn’t even find anything in the scan logs from avast 5. Now, I see the directory I have scanned through the explorer scanning feature :wink: ! So, something must have changed in avast 5 as to why it now reports/scans the right way!? But then again, is it possible avast 5 is working properly now just from updating the virus database!?? Because program updates to avast 5 are set to “ASK ACTION”!?

Michel,

Ah, I just saw in avast 5 … that when Virus Definitions is set to auto it also updates the engine!?

So in fact there are 3 types of updates that take place, so to speak!?

  1. Virus database
  2. Engine
  3. Program updates

And the engine must have been updated along with the virus definitions, and that’s probably why Windows Explorer scans/reports files the right way as of now!?

right?

BumP ???