I’m really disappointed for this behaviour… I BOUGHT a license for avast Pro a few months ago.
Now that I’ve used the support forms at http://www.avast.com/it-it/support (“Richiedi supporto”, “Invia un ticket”)
I received NO REPLY whatsoever. Not even an automated reply… NO TICKET number. >:(
I’d pointed out that there are a few false positives:
[ol]- the DiskInternals Reader for Total Commander: http://www.diskinternals.com/reader-for-tc/
(click on “Download” and look at the red box with a bogus message “Infezione: Win32:BogEnt [Susp]”)
Obviously, VirusTotal and Metascan Online will tell you that the file is safe…
the whole site www.FilmTV.it … try to navigate it and see for yourself… red boxes at will! :o[/ol]
All in all, why should I pay for a license if the support level is exactly the same as for the free version? … i.e. ZERO support! >:(
When the paid license will expire, I’ll certainly consider buying something else, with a better support! >:(
@@@@
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.
Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.
[b]ClamAV PUA Engine[/b]
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
...well it says Infection... "[b]Infezione[/b]: Win32:BogEnt [Susp]" (that's the meaning, in Italian language).
Moreover, if you click in the red box that avast pops up on screen (in the field "More info"), you get a web page in which avast is telling you it saved your ass... or something to that effect.
In the upper right corner of the web page the name of the Infection is repeated again, with the same wording: "[b]Infezione[/b]:"... :o ::)
VirusTotal URL scan is a reputation scan…it does not show the file scan result
you have to click the “go to download file analysis” to see the file scan
what does the avast pop-up say about the URL…can you attach a screen shot ?
Then, if you already know the results, please don’t tell me to do it again…
if you read my first post… I already did… (“VirusTotal and Metascan Online will tell you that the file is safe”).
You only had to check that it was true.
All this stuff doesn’t change the avast policy (and my disappointment) at all… If I pay for a license, I’m not supposed to post in a forum to get support.
The forum should be a last resort only. There are specific web forms and tickets to get technical support.
What’s worst is that there was no reply, no ticket, no nothing…
And please, in general, don’t tell me to post in the italian language section of the forum… guess why… :
Then, if you already know the results, please don't tell me to do it again...
i did not tell you do anything again...
if you read my first post.... I already did... ("VirusTotal and Metascan Online will tell you that the file is safe").
You only had to check that it was true.
i tried to give you the explanation for why it is detected as suspicious....... did you not post here for help ???
What's worst is that there was no reply, no ticket, no nothing....
@ MiSchi99
To start with we are avast users not avast employees, we are trying to help, but I guess you don’t want the help, just to vent. Personally you shouldn’t need to create a support ticket or visit the forums to report a false positive, than can be done directly to avast.
If there is a file you consider an FP then send it to avast as has been suggested. Or use the on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
Avast can then can analyse it and correct the signature if they agree it is a false positive.
The italian wording is telling: “SUSPECT FILE BLOCKED. The avast! Web Protection has blocked a harmful site or file”.
If you click on the “More details…” button, you get the following page:
Or use the on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
Already tried that strategy too. As a matter of fact, I sent two such reports:
one using the e-mail account connected to the avast free license I have on one PC, the other using the e-mail account connected to the paid license....
Do you think I got any reply?.. I guess waiting a week should be enough… :o :
The idea of moving this topic to the “virus and worms” section was a bad idea, indeed.
Rather, it might be a means of hiding an embarassing topic from the main forum section… >:(
The problem here is NOT that filmtv.it is hacked… that site is not hacked in any way…
it’s a well-known movie-info site. The red box IS A FALSE POSITIVE from Avast !!! >:(
Moreover, the main subject of my post was pointing out that the avast team DOES NOT react to a false positive alert in any way,
and that they DO NOT REPLY to an open ticket. >:( Is this the support level that a paid license deserves??? >:(
Anyway, I already solved my problems… I uninstalled avast and installed something else.
I also will do my best to negatively advertise users against avast… see you never… >:(
Avast isn’t the only scanner to alert on the content of a compressed/obfuscated script file being loaded when you visit the site. That is the {gzip} bit at the end of the malware name on the alert, image1 and image2 an extract of the content in the file being run/loaded. This file was captured and uploaded to virustotal for scanning.
Yes!! That exactly means that the filmtv.it site IS CLEAN…
1 detection in 28, statistically, means 3.6%… and with ONLY ONE OLD DETECTION
Look at the second URL you posted (the only detection) … “DATE: 2011/07/12” … more than a year ago! :o
There is no need to add more.
“Non ragioniam di lor, ma guarda e passa.” (Dante Alighieri, Divina Commedia)
Just by installing something else and removing avast! isnt going to solve the issue…If there would be something really there then if your Something else wouldnt be able to detect it and you will be infected…
Anyway,you cannot blame your AV for small reasons…be happy your av is one of the few which protects you…avast! has 161+ million users and probably your negative advertisement is of no use.
By the way,the site got hijacked with malicious obfuscation…even if site was made some years ago…or even if the detection is recently generated…but it is correct detection and the site is hijacked…
Just because the site is only detected by 1,2 or 4 AV’s…it doesnt mean its clean…these days even legit sites are hijacked…so better trust your av warning ;D
You completely missed the point … I blame avast for NOT GIVING ADEQUATE technical support…
do you remember the tickets? the Diskreader plugin? All in all, Filmtv.it is a minor point for me.
:
