system
1
have been running Avast on this pc (xp, fully patched) for a long time - the pc is primarily a data server and is not used for email, messaging or surfing.
The other day the program requested update to Avast 2014 and I went ahead - since then I have had several alerts re the above threat.
Given the fact that the pc is hardly ever used to go online and has been protected, nothing new has been installed for a long time, I wonder if somehow the new setting in Avast 2014 is too high, providing me with false positives.
The first three alerts did not particularly bother me as they referred to system restore : System Volume Information_restore{E3CCBEC4-400A-453C-B171-1BD0F7620F3B}\RP561\A0131992.EXE - initially on an external hp harddrive to keep backups and later on the operating drive. The flagged files were listed as AO130390.exe, AO131751.exe and AO131992.exe but appeared individually over three days and were put into the chest.
Yesterday a fax program that I have been running for years was flagged and not worried about this program, I clicked on the exclusions when the alert came up, expecting the file to be ignored and the program to continue working.
Instead the program is broken, the file seems to be deleted and I will have to reinstall the program.
Are there problems with Avast 2014 being too agressive re the above threat?
Are there settings I should adjust to prevent the automatic deletion of any files and why would a request to add a file to an exclusion list lead to deletion instead?
Any advice will be appreciated.
Pondus
2
Win32:Evo-gen [Susp] = suspicious
You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21
system
3
Pondus, thanks and I would like to do so but unfortunately this file does not appear in the chest and is no longer in the original program folder. If I could find a log, I might be able to determine what happened with the file but the only log I can find is for scans I initiate, not for real time action Avast is doing.
Those files were in system restore, so if you turn off and then turn on system restore they will disappear
system
5
Essexboy, the first two alerts were there and that’s why I said I don’t much care. These three files are still in the chest and can stay there - does not matter. The file I do care about was for the Fax Program and that exe.file (Program Files\FaxTalk Communicator\FTCtrl32.EXE) is now neither in the chest nor in the original folder. Somehow this file got deleted instead of added to the exclusion list as I had intended and understood based on the option.
I just had this happen to me with a photo program I’ve had for 5 years (MGI Photosuite II SE). About 20 minutes ago I tried to open it, and got that alert about the same file and it moved it to the chest, messing up the program (I just used the program a couple hours before then!). Should I go ahead and try to restore it?
Edit: And just like that it came up clean when I re-scanned it.
Pondus
7
Use the info above on how to report it to avast so that they can correct it