Suspecious file

Staticguy · February 8, 2013, 5:06am

I don’t know why Avast Free didn’t this program as suspecious. I have used this file for many years.

Webpage is this http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm

here is the evidence. I believe this is a false positive for a suspecious file.

What should I do? shall i add the file to the scan exclusion list. I am using the lastest version of Avast Free Edition version 7.0.1474 current version is 130207-1. Or Avast detecting a false positive?

Pondus · February 8, 2013, 5:42am

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before click new scan)
post link to scan result here

Staticguy · February 8, 2013, 6:24am

Avast and other antivirus softwares shows nothing but except for ESET NOD32.
I believe this is a false positive from Avast

Link is here https://www.virustotal.com/file/e59030230bef71cd664bcc52b2d4792437813fc9e9a80f2e629ffc11ddd53b47/analysis/1360304834/

Pondus · February 8, 2013, 8:00am

new at vt

First seen by VirusTotal
2013-01-31 22:05:55 UTC ( 1 uke ago )

Adware:Win32/OpenCandy
http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy

Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent. These versions are detected by Microsoft’s anti-malware products.

Staticguy · February 8, 2013, 9:42am

So what will Avast do now? Will they issue an update again to fix this problem? I didn’t install any random or unknown programs that i didn’t use or know about it, and also I don’t get random pop-up message like the link that you gave me. That DVDVideoSoft program I know it, because I have used it many times in the past with avast installed in the past and no problems at all? So I take it as that it is a false positive from Avast?

Avast detect this as Win32:Evo-gen (Susp)

UPDATE: Avast just now updated it’s malware definition to 130208-0 and still it’s detecting that suspicious file. Did a custom scan with MalwareBytes’ Antimalware it also didn’t find anything? I can also install the ESET NOD32 online scanner to do a full system scan and it can remove it, but then again it may come back with DVDVideoSoft and again Avast detecting it again. So just to be on the safe side I want Avast to fix this?

Oh here’s the logs from those detections

Pondus · February 8, 2013, 12:20pm

report False Positive here http://www.avast.com/contact-form.php

polonus · February 8, 2013, 12:27pm

Suspicious external element on site: http://zulu.zscaler.com/submission/show/c3b2f0305358e00afd5a7209410db5b9-1360325266
and
[nothing detected] (iframe) www.facebook dot com/plugins/likebox.php?id=124695460922125&width=270&connections=4&stream=false&header=false&height=160
status: (referer=www.creagratis dot com/sudoku-da-stampare-gratis-schemi-facili-difficili/)saved 19120 bytes 375ade2687abe602bc7b656cc182b9ede9dd9d44
info: [img] profile.ak.fbcdn dot net/hprofile-ak-ash4/373249_124695460922125_1991907728_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-snc6/275043_100004681274078_341974556_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-ash4/273319_100004699953037_1532274378_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-ash4/273579_1073718813_598962146_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-snc7/371057_100001032805111_122399365_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-prn1/573722_100004935643644_852053168_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-snc6/276085_100000682804427_1409036492_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-snc6/186169_100003749460114_725908614_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-snc6/187637_1601823827_1743753007_q.jpg
info: [img] profile.ak.fbcdn. dot et/hprofile-ak-prn1/41376_100000810031728_4019_q.jpg
info: [img] profile.ak.fbcdn dot net/hprofile-ak-ash4/187514_1516513257_1624842131_q.jpg
info: [decodingLevel=0] found JavaScript
suspicious: earlier FILEMAGIC Macromedia Flash data (compressed), IDS alert…WP facebook plugin with image dimension problem…
Furthermore I see no problems, so this could be a mere pup detection and yhen you can excluse this in avast or in the avast sandbox,
just file up a report as our friend Pondus has suggested…

polonus

Staticguy · February 8, 2013, 1:28pm

Can’t seem to report it, webpage says the connection got reset? Tried via google chrome and firefox… same result. Is there any other way to report this i.e. pm to moderators! I will try that?

polonus · February 8, 2013, 1:37pm

Yep, send a mail to virus AT avast dot com,

polonus

Staticguy · February 8, 2013, 8:48pm

Oh yeap, good idea? I already send it along with this forum!

I also included many information about this false detection where the file can be downloaded, the name of the detection, the result from VirusTotal, and etc.

The more the detailed information the better :). So when can I expect their reply?

UPDATE: Just now my avast updated the virus protection! Opened up that program no detection, did a custom scan on that particular file from C drive, no detection! I believe it’s fixed now. Very much appreciated your assistance and help Polonus and Pondus

polonus · February 9, 2013, 7:44pm

Hi Staticguy,

Thank you for your confirmation of that issue being fixed.
Fine it is settled then.
Stay safe and secure,

polonus

Staticguy · February 11, 2013, 10:33pm

Yeap everything is now sorted! Got a mail from support@avast.com that it has been resolved i updated my VP of my avast program=problem solved.

Thanks again to both of you for the support and assistance.

Suspecious file

Announcements