Is this a true positive? It just happened after an Avast update today.
Impossible to say…
You don't tell us what file was detected?
Where was it located… full file path?
That is no wonder when you read this: http://www.mywot.com/en/scorecard/yazakpro.com?utm_source=addon&utm_content=popup-donuts
Now has TR/Dropper.Gen malware found there
Avast is not the only one to flag this: https://www.virustotal.com/file/ca85de7aa4e9c166c8b7672114e6685721938cf8447ad08429e4d7a750bb74fe/analysis/
The lowest qualification is riskware to malware trojan dropper, but that malware apparently has been closed after being active for 58.9 hours from 2011-01-13 12:58:20
All files found to be clean here: http://quttera.com/detailed_report/yazakpro.com
But zulu Zscaler comes up with 100/100% malicious: http://zulu.zscaler.com/submission/show/2d3246dad7150fb251476352186ce1d4-1355233490
Latest VT rescan:
https://www.virustotal.com/file/ca85de7aa4e9c166c8b7672114e6685721938cf8447ad08429e4d7a750bb74fe/analysis/1355233616/
polonus
c:\program files(x86)\zakfromanotherplanet\yazak chat\yazak.exe is the path and file name, please let me know if you need any more information.
Have you moved the file to chest?
If not, you can upload and test the file at www.virustotal.com
Looks like yazak updated the program so that it doesn’t cause the false positive.
Hi Pol,
Your request has been reviewed. You send us the file is not a threat. Thank you for your cooperation.
Sincerely,
Virus Monitoring Service Ltd. “Doctor Web”
This is software generated mail message on behalf of virus hunters activity.
Category: SUSPICIOUS FILE
File: installvoice.exe
MD5: ffb32c99dbf7a81a6b4867dacbefe213
Hi Dimitrij,
Good you had DrWeb’s analysts look into the matter. The malware there has been closed, and that is confirmed by DrWeb’s findings. So the only thing that still stands is that this executable could be considered a PUP (possibly unwanted program) or riskware (only to be installed if the user downloaded and installed it intentionally). VirusWatch also gives the threat as closed; it might be that Avast is still reacting to the supposed malware that has been removed from there after being active for more than 2 days. Well, that is what you get with the ever-changing malware landscape, Avast running a bit behind the actual and factual situation. It is all in the AV detection bargain. We find the same with IP blocks etc. In the meantime the reason for the initial block may have gone…
Dim@rek, thanks again for your contribution to this thread,
polonus