Hi,
I have a script for mIRC that is called multiscript. It is throwing A LOT of false positives, especially in a dll called msn.dll. I know for a fact that this file is not infected, as I have created this file myself. Is there any way to make avast! skip this file when it’s doing its scans?
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.
Besides what Tech has said you should submit this to avast for analysis.
If you are (not) getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive, and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
What is the malware name associated with the detection/s?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.
I don’t “think” it’s a false positive… I’m absolutely 100% sure it is a false positive. As I have stated, I created this file myself. No other anti-virus has detected this thing as a virus, and avast for some reason does. Win32:Trojan-gen. {Other} is the name it gave… I scanned it with an online scanner that uses avast and other engines… and it comes up with motherboardmonitor… and I know for a fact that isn’t malware… it’s diagnostic tools!
avast version:4.7.986
virus database:000735-2
Also known as the very latest virus database update and the very latest program update
avast isn’t the only one to cry about it… but… it’s still in fact a false positive because of the fact its intention is not to harm… just to gather information. Avast probably sees it going into RAM and searching… and screams at me. I’m not really worried about it, I just would like this DLL file to be removed from avast’s vdb as being malware is all.
This is getting me sad now… avast doesn’t like my program dll files :(. I would never intentionally make something flag in my avast unless it was the eicar test file.
I’m sure you don’t make files that will intentionally trigger virus alerts; that is why I suggested confirmation, and posting the results here gives that confirmation. The same problem has happened with Tech for another scripting tool, auto-it (I believe), that somehow in the compiling of the file creates something that is thought, incorrectly or otherwise, to be infected.
The only way to resolve an FP is by confirmation and submission as I outlined above; in the submission you can refer to this topic, which shows the confirmation (if results of VT or Jotti are posted).
It is an exercise in patience … you will hear perfect silence … contribution is its own reward … well that and eventually no longer being bugged by the false positive.
Generally you won’t hear unless they require more information. Leave the file path in the exclusions and periodically scan a copy in the chest to see if it isn’t detected and then remove the exclusion.
However, I would have thought it would have been dealt with by now; they are usually quick to resolve an FP. You could try sending it again, this time from the chest, and see if that helps.
But is the file still being detected as infected? Is it really a false positive?
If they did not correct this yet, it will be a shame, answering or not answering to the user.