I am still getting a Virus Alert for this FP. I downloaded 080626-1; it only slowed down the warnings, it did not stop them.
Any advice?
You should at least say what file it reports on. Trojan-gen is a generic detection covering hundreds of thousands of malware objects.
Sorry. Located in C:\WINDOWS\system32\rtfeng.dll. Anything else that I can provide?
What program is it associated with?
- Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here. If any are detected by multiple scanners send example to avast.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Where do I change these settings at?
"Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect*"
Here are the results of VirusTotal scan.
Result: 3/33 (9.1%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.26.0 2008.06.26 -
AntiVir 7.8.0.59 2008.06.26 -
Authentium 5.1.0.4 2008.06.25 -
Avast 4.8.1195.0 2008.06.26 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.26 -
BitDefender 7.2 2008.06.26 -
CAT-QuickHeal 9.50 2008.06.26 -
ClamAV 0.93.1 2008.06.26 -
DrWeb 4.44.0.09170 2008.06.26 -
eSafe 7.0.17.0 2008.06.26 -
eTrust-Vet 31.6.5907 2008.06.26 -
Ewido 4.0 2008.06.26 -
F-Prot 4.4.4.56 2008.06.25 -
F-Secure 7.60.13501.0 2008.06.24 -
Fortinet 3.14.0.0 2008.06.26 -
GData 2.0.7306.1023 2008.06.26 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.26 -
Kaspersky 7.0.0.125 2008.06.26 -
McAfee 5326 2008.06.26 -
Microsoft None 2008.06.26 -
NOD32v2 3222 2008.06.26 -
Norman 5.80.02 2008.06.26 -
Panda 9.0.0.4 2008.06.26 -
Prevx1 V2 2008.06.26 -
Rising 20.50.32.00 2008.06.26 -
Sophos 4.30.0 2008.06.26 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.26 -
TheHacker 6.2.92.362 2008.06.26 Aplicacion/PCPandora.a
TrendMicro 8.700.0.1004 2008.06.26 -
VBA32 3.12.6.8 2008.06.26 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.26 -
Additional information
File size: 2858 bytes
MD5…: 75daeb8b57a654f216c40474776341d4
SHA1…: 479146f52cefcdce381d177ce2fc3fbe18b2cece
SHA256: 6ab38262f3e991bf1d44e212b1f8ae5dfd9818c2ee3fe85a4953030862a5a6fe
SHA512: 42c35d388d31841526d1dbfe0782189b58a7459245b4bdec5281ad1a57508a9d
cef9326a178de6f816efc54f3ceab3310e3d1193550b44f38bfca8e7c0f591bf
PEiD…: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10000000
timedatestamp…: 0x438c4067 (Tue Nov 29 11:49:59 2005)
machinetype…: 0x14c (I386)
( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
.reloc 0x1000 0x8 0x200 0.02 2c38765194d27b75f56d0565088a53ee
( 0 imports )
( 0 exports )
It is in the settings for the Standard Shield. Access it by left-clicking the avast 'a' icon; from the pop-up, if you see a button named Details… >>, click it, now find and select the Standard Shield and follow the instructions as above.
It would appear to be a false positive, send the sample to avast as outlined in the above link, how to report it, etc.
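The kind of reading applied to the VirusTotal report above, as an added example that is not part of the original thread: it parses rows in the pasted "Antivirus Version Last Update Result" layout, groups engines that report the same label, and flags engines whose signatures are older than the rest. The sample is a subset of rows from the posted report; the function names, the 7-day staleness threshold, and treating identical labels as one group are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import date

# Subset of rows copied from the report posted in this thread.
SAMPLE = """\
Avast 4.8.1195.0 2008.06.26 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.26 -
GData 2.0.7306.1023 2008.06.26 Win32:Trojan-gen
Kaspersky 7.0.0.125 2008.06.26 -
Sunbelt 3.0.1153.1 2008.06.15 -
TheHacker 6.2.92.362 2008.06.26 Aplicacion/PCPandora.a
"""

# engine, version, last update (YYYY.MM.DD), result (may contain spaces)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(.+)$")

def parse_report(text):
    """Return one dict per engine row; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, y, mth, d, result = m.groups()
        # Drop a trailing "{...}" qualifier so equal labels compare equal.
        label = re.sub(r"\s*\{.*\}$", "", result).strip()
        rows.append({"engine": engine, "version": version,
                     "updated": date(int(y), int(mth), int(d)),
                     "label": None if label == "-" else label})
    return rows

def triage(rows, stale_days=7):
    """Count detections, group engines by label, flag old signature sets."""
    if not rows:
        raise ValueError("no engine rows parsed")
    by_label = defaultdict(list)
    for r in rows:
        if r["label"]:
            by_label[r["label"]].append(r["engine"])
    newest = max(r["updated"] for r in rows)
    stale = [r["engine"] for r in rows
             if (newest - r["updated"]).days >= stale_days]
    return {"detections": sum(len(v) for v in by_label.values()),
            "engines": len(rows), "by_label": dict(by_label), "stale": stale}

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

Two engines reporting the same generic label form a single group in `by_label`, so the number of distinct labels can be read alongside the raw detection count.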
Ok, a little different in my version, but I found where to create an exclusion and did so. However, the file keeps recreating itself back in C:\System32. So the pop-up warning is still coming up. Any further action?
I did report the file, its location and the VirusTotal scan to Avast.
Thanks for all your help.
I can’t see why it needs to keep recreating itself. If you have the exclusion set correctly in avast, there wouldn’t be any detection.
So what version of avast do you have?
Where exactly are you setting the exclusion (it must be where I said: in the Standard Shield provider, which looks after on-access scans)?
What exactly are you putting in the exclusion (it needs to be the full path to the file)?
Well, looks like the latest Avast update 080627-0 fixed the issue. Again, thank you for your help. If nothing else, I learned a little more about my computer. Thanks!!
You’re welcome.
Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.