Please send us falsely detected DLL to virus@avast.com in password protected archive (rar, zip). As password use “infected” without quotes. To email subject please write “false positive” (without quotes). Then will be false positive alert fixed in next VPS update.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be carefull, you should ‘exclude’ that many files that let your system in danger.
I just updated to avast 4.8, and ran the scanner. It found a ts.dll in my klite codec program folder, and in my system restore folder. both are considered VAPSUP-bn adware. I used Virus Total, and got a 2 out of 32, one being avast 4.7 and icarus the other. It makes me think its safe if others don’t have a problem with it. I even checked it after Avast did an virus update. I have had KLite for awhile, and all my spware programs have had no problems with it.
Should I be worried!
Thanks in advance!
What was the malware name given by both detections ?
That would give a better indication of safety, etc. but it is likely (not definitely) to be an FP you should submit it for analysis.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
If it is indeed a false positive, add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
The type of malware was a Win32:Vapsup-BN[Adw]. It supposedly resided in a filters folder for a K-Lite codec pack, which there was a ts.dll. A system restore folder also had this type of adware. I have emailed these files to Advast from the Virus Chest. It said that the files were sent with errors.
Maybe your SMTP settings into avast aren’t correct.
Try to send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be carefull, you should ‘exclude’ that many files that let your system in danger.
I can’t compress the original file because as soon as I click on it avast throws up a warning, and my compression program says another program is using it. I don’t know my server address, I’m guessing it’s different than the one they showed in the help file. I put my email address, and hoped that was enough. If you feel I should exclude it from scans I will. Any suggestions on how to figure out my server address?
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.