Since last update Avast! is sensing the file ChatMon.exe as infected by the trojan horse I wrote in the topic.
Of course this is wrong.
I’ve always used this application since long time, and Avast! started to feel it as dangerous and infected only since last patch.
The file did NOT get infected meanwhile, because avast feels like also the one contained into the RAR (which was in a CD) is infected.
The program is old, self-made by someone (I don’t know who) and probably not secure. That’s probably why Avast!, not knowing the program and it not being certified, considers it like a menace.
Of course it’s not!
As of now I can’t run this simple software, and I need it since I can’t find a newer version and I have no idea where to get it, there is no TXT inside linking to the website of the author
Informations about the software at the end of this thread.
VPS version 000728-1, 27/03/2007
Chat Monitor (ChatMon.Exe) is a very simple program I use to Log into an HTM files the chat logs of a MMORPG called Final Fantasy XI, I don’t use it because I want to keep it logged, but because one of the functions of ChatMon (and the only one I’m interested in, actually) is to play a .wav file whenever something happens, for example you receive a /tell or a party invite.
I usually minimize the game window, go away from my keyboard or doing other things, and thanks to this little program I can know when someone is inviting me to a party or asking me something, I got so addicted to it I Can’t live without.
I’m 100% sure it’s not infected but it’s just a problem with Avast not feeling it to be “secure” enough and considering it to be infected by a trojan.
How can we resolve this problem? Can you update the databases? Do I have to do something locally?
Could you please pack the file into a password-protected ZIP or RAR and send it by e-mail to virus@avast.com (specifying the password in the e-mail body, preferably using something like “False alarm” subject)?
It could well be a false positive detection but you need to confirm this.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
I sent an email, and I’m currently scanning the file online.
Thanks everyone for your nice and prompt help, and once again please pardon my ignorance in this field.
If you got it from here: www-dot-exploreanywhere-dot-com/chat-monitor-dot-htm, then it was from an insecure download site (according to McAfee SiteAdvisor). There are safe download sites. You can post the download site for igor, but render it like I did, so . reads -dot- . In that way it becomes a link that cannot be accessed, because we do not want anyone go to infected sites. From the results of the scan the file is infected with trojan crypt j or alias sober j: http://www.sarc.com/avcenter/venc/data/w32.sober.j@mm.html
No it’s not that. The one I’m talking about is a home-made program for a MMORPG game called Final Fantasy XI, it’s not authorized by SquareEnix (the software house producer of the MMORPG). It was probably made by some player who felt the need to log what he said etc.
I don’t have an .nfo or a .txt file with infos on the authors, and I can’t access the “about” option of the program either, because I can’t load the program at all.
I didn’t download it anyway, a friend send it to me long ago. One year go? Maybe something less.
I’ve been using ever since, and of course I already had avast back then. Problems started with the march 27th update of Avast, everything was good before then.
This info is really helping us. All info on malware helps to protect victims in the future. If you upload to virustotal and there is only one or two AV-scanners that alert, you can conclude from that there could well be a False Positive, but when more AV scanners alert, then the chance of a False Positive becomes more and more remote. In that case a False Positive must share specific characteristics of known malware definitions, else it is definitely “malware”.
So you will know in the future when avast have analysed the uploaded file for 100% what it is when the avast scanner still flags it or not. Therefore better update as is igor’s advice.
What happened when you tried an online scanner, like Bitdefender for instance. Did it flag the program as well?
Whenever I download I pre-scan with DrWeb’s av-link scanner add-on for Firefox or the Flock browser.
Also trusted download sites can get infected. So scan on downloading or better before. Then I would not recommend putting third party software on my machine, how well meant by friends it may be, this is insecure proceedings period. Do not do that again. For the moment I hope your worries are in vain, and your computer is free of malware now,