dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2
share rss forum feed


Justakiwi
Premium
join:2004-11-24
new zealand
reply to tmpchaos

Re: dcnet flagged as trojan by AVG

said by tmpchaos:

I've seen that happen before... usually on the download itself. It is a false positive, but I'll have to consult with someone who knows AVG to know how to remove it from quarantine.
Thanks! AVG has an option to "restore" it, but every time I do that, it just flags it again straight away. The "ignore" button, ignores it (as in, doesn't put it in quarantine) but stops you from accessing it, which seems pretty stupid to me. If something is a false positive there must surely be some way to tell AVG to ignore it properly.

Weird thing is, it's been running ok for over a week. It's only today that AVG has bothered to notice it.
--
"Stand up and walk out of your history" ~ Phil McGraw


tmpchaos
Requiescat in pace
Co-Lead Mod
join:2000-04-28
Hoboken, NJ
Reviews:
·Optimum Online

I've received this:

From the free AVG forum

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive , turn off hueristic scanning for the time being. When Grisoft adjusts the virus defintions you can turn it back on. If you are unable to still test/email the file after disabling the hueristics, you will need to temporarily disable the Resident Shield.

. Restore file from Virus Vault noting its path\filename.
2. Temporarily disable the AVG Resident Shield
3. Test the file at Jotti
4. If found to be not infected, report it to Grisoft in an email
5. Re-enable the Resident Shield and Grisoft should update it soon ( usually less than a day but it varies )

Go back into AVG and open the Virus Vault... the "trojan" ( if it is one, at this time we are making an assumption that it is a false positive but only testing can say for certain ) should be listed there... it will also list the original location of where the file was located... write down the location and filename that it shows you... something like ( this is a fake example ) ... C:\Program Files\Google Desktop\somefile.exe ... highlight the entry and select to restore it to its original location.

Disable the AVG Resident Shield from the AVG Control Center

Now, visit the Jotti website that was mentioned, click the browse button on their website and browse to the file you wrote done the location to earlier. This will upload the file to their website where they will test it with many antivirus programs. If only AVG detects it as a threat... then that indicates it is a false positive and you should follow the other instructions for reporting it using email ( archive the file with a password, email the archive and tell them the password you used ).

Now, re-enable the Resident Shield and wait until Grisoft has corrected the false positive, usually this will happen by at least the next day if not sooner but the time will always vary some.

If after that you still have problems... use the System Restore to restore to a point just before the problem showed up.

--
I get slandered
Libeled
I hear words I never heard in the bible
.

***ATMFAQ***DIFAQ***Kitchen Sink***


Justakiwi
Premium
join:2004-11-24
new zealand

Thanks for that. I ran it through the online scanner and as expected, AVG was the only scanner to detect it. I tried sending it (zipped) to Grisoft but my darned ISP keeps stripping the attachment. I tried renaming it with a .txt extension but they still stripped it. I'll try again and if I can't get it to send I'll try the system restore option.
--
"Stand up and walk out of your history" ~ Phil McGraw



tmpchaos
Requiescat in pace
Co-Lead Mod
join:2000-04-28
Hoboken, NJ

This might help: »Security »How do I create a password protected zip file?



Justakiwi
Premium
join:2004-11-24
new zealand

2 recommendations

reply to Justakiwi

Well apparently my email (and file) did get through to Grisoft in spite of my sent mail stating "attachment stripped". I received an email from them last night confirming that it was a false positive and the problem would be resolved with the next update. Sure enough, this morning's update has fixed it and AVG is no longer flagging dnetc.exe.

Thanks for the help!
--
"Stand up and walk out of your history" ~ Phil McGraw



tmpchaos
Requiescat in pace
Co-Lead Mod
join:2000-04-28
Hoboken, NJ

Excellent!