Trojan alarm in Communicator Plugin

Hello Everyone! :slight_smile:

I am new to this forum, but I’ve been using Avast! Antivirus for a few years. I never had any problems with Avast, or any false alarms either.

Anyway, my problem is that today I downloaded the newest plugin pack (StrongGG … btw. there are many people who are using that plugin pack) for Gadu Gadu Communicator (a popular Polish instant messenger), and I get an alarm that both the full installation of this file and the update contain Win32:Zlob.YG[Trj] (even when installed, the uninstall file contains the same infection). I thought that maybe somehow this virus was included in the install file, but for me and for many others who are using StrongGG it just seems silly. StrongGG is trusted software. I have even spoken with the admins of SGG and the creator. They have scanned the files with other antivirus software and didn’t find any viruses. I think the problem may be with Avast’s virus database, which may be generating the false alarm.

The web address of the plugin is [www.strong-gg.info] (the page itself does not pop up that message, only if you click to download the software) so you can check this out. Trying to download the full installation API or update, using avast at highest resident protection, will cause that trojan warning.

If the admins of Avast Antivirus are reading this topic, I would like them to look at that file and check whether it’s really clean of any trojans or worms. It really annoys me, because I have been using that plugin for maybe 2 years now and never had that alert from avast!.

Thanks for any help :slight_smile:

gbX

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location. Periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

Although the address is clean, it’s not a good idea to post live links to pages containing malware (or even false positives).
You can ‘edit’ the address, adding blank spaces to avoid clicking on it.

Hello again!

I mean, the plugin’s website doesn’t contain any malware or things like that. It is the plugin’s install or update file: when you try to download it, avast! will alert about Trojan Zlob.YG.

Yesterday I scanned both the install and update file of that SGG plugin and the whole Gadu-Gadu directory with the scanners you mentioned in the posts above. I even scanned with Panda ActiveScan and mks_vir. I didn’t find any suspected viruses in those files. It’s only avast! which is alerting me about the virus.

Now I am almost sure that this plugin is clean of any malware. I don’t know if I should still send that file to avast! It would be great if they could modify the virus database and fix that thing, because there are many people who are worried when downloading the plugin and avast! pops up that “fake” trojan warning.

Anyway, thanks for all help and hope you fix that issue.

gbX

/edit: It seems that the newest avast! virus database doesn’t find any trojan in the StrongGG plugin. Maybe yesterday’s database was buggy or something … anyway the problem is solved. :slight_smile:

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838

Not buggy, but with wrong signatures for virus detection. Glad that they solved this quickly.

Yes, that was what I meant. The wrong signatures for virus detection (I couldn’t come up with the correct English words for that). I’m also glad that they fixed this problem so quickly. I thought it might take a longer time … but it’s good. That’s why I like avast!. Any problem is solved so fast.

Cheers!

Hi!

Argh, I wasn’t happy for much longer. After the new database update, avast! is seeing Win32.Agent.Trj in the executable file of my MMORPG game, Knight Online. It is impossible, because I have also had that game for a long time now, plus once again only avast! seems to see a trojan in that file (the same thing as it was with that plugin 2 days ago).

What’s happening with avast! these days? Why so many false positives :X.

Sorry… As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list. Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…