Killfiles-L trojan on Wilders?
Huupi
September 21st, 2007, 01:42 PM
If I click on a thread in Software and Services [ShadowDefender...new kid on the block], I get an alert from Avast saying "Killfiles-L Trojan discovered,would you disconnect". Perhaps it's a FP, but I'd like you to know that this can even happen here on Wilders.
TonyKlein
September 21st, 2007, 01:53 PM
{QUOTE-> Perhaps it's a FP, but I'd like you to know that this can even happen here on Wilders. <-QUOTE}
Yes indeed: False Positives can happen absolutely anywhere... ;D
Could it be Avast objecting to this sample command posted by ErikAlbert:
http://www.wilderssecurity.com/supportfiles/avast-killdisk-fp-image.jpg
The command, if run, could indeed wreak havoc, deleting most files in the root of C.
Just sitting there on the web page it is of course harmless, let alone a 'trojan'.
Huupi
September 21st, 2007, 02:01 PM
{QUOTE-> Yes indeed: False Positives can happen absolutely anywhere... ;D
It's probably Avast objecting to this sample command posted by ErikAlbert:
The command, if run, could indeed wreak havoc, deleting most files in the root of C.
Just sitting there on the web page it is of course harmless, let alone a 'trojan'. <-QUOTE}
Yes, but how do I get rid of these annoying messages? And thanks for giving me some peace of mind.
lucas1985
September 21st, 2007, 02:05 PM
I guess that Avast is detecting this command
http://www.wilderssecurity.com/supportfiles/avast-killdisk-fp-image.jpg
See (http://www.wilderssecurity.com/showthread.php?t=183750) a similar behaviour with NOD32.
EDIT:
TonyKlein was faster ;D
TonyKlein
September 21st, 2007, 02:06 PM
{QUOTE-> Yes, but how do I get rid of these annoying messages? <-QUOTE}
I'm not familiar with Avast myself, but I suspect you can't.
Why not bring this to their attention by posting at the Avast! forum: http://forum.avast.com/
{QUOTE-> And thanks for giving me some peace of mind. <-QUOTE}
No prob, you're welcome. Happy surfing. :)
LowWaterMark
September 21st, 2007, 02:28 PM
FYI - It also appears to be a recent update to avast! that caused this false positive. When I saw this thread, I booted a PC where I have avast! installed, went to the thread in question and didn't get the alert. I had to update avast! in order for it to start flagging the various posts in that thread containing that DOS DEL command. The definitions were probably a week or so old before the update was run and the f/p started appearing.
So, if it is a recent addition to their detections, they'll simply need to think about just how they added it and come up with a way to tailor it so it doesn't flag by merely reading a webpage with that command in it.
Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command.
lucas1985
September 21st, 2007, 03:07 PM
It's the same situation as this one (http://www.wilderssecurity.com/showthread.php?t=137751):
{QUOTE->
Yes, there is malware code, but in this form it poses no threat.
AV experts still debate about this issue.
Imo this is one of the cases where there's no false positive and no false negative.
I don't think any AVendor will add detection for this, nor will there be AVendors who will remove detection.
<-QUOTE}
{QUOTE->
As Schouw KL stated already - that is basically a "drawn"
It is NOT a malicious website from the point that something could execute, but it contains well-known script parts from the worm. Now the thing is that .HTML files basically belong to the AV "Script-Type". Loveletter too.
That means the "matching filetype" condition is even fulfilled. It would be worse if someone finds a Windows Executable FileInfector in a HTML file...
However, I ALWAYS advised such guys who are trying to explain how viruses work NOT TO QUOTE OR PASTE source code directly into HTML files, because this always might lead to false positives. Instead of this, a black and white PNG picture with the code is ABSOLUTELY SAFE regarding false positives of text based detections.
Mike
<-QUOTE}
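Added example, not part of any post in this thread and not any vendor's code: a minimal sketch of the difference between a text-based signature that matches anywhere in a page and one tailored to the places where the text could actually be interpreted. The signature string, the sample inputs and the extension-based file typing are all constructed assumptions for illustration.

```python
from html.parser import HTMLParser

# Constructed marker standing in for the flagged command text; it is not a
# real command and not any vendor's actual signature.
SIGNATURE = "demo-wipe-root --placeholder"

class ScriptExtractor(HTMLParser):
    """Collects only the text found inside <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script_text.append(data)

def naive_scan(content):
    """Text-based detection: flag the signature wherever it appears."""
    return SIGNATURE in content.lower()

def context_scan(name, content):
    """Flag the signature only where it could be interpreted as code."""
    lowered = name.lower()
    if lowered.endswith((".bat", ".cmd")):
        return SIGNATURE in content.lower()   # the whole file is a script
    if lowered.endswith((".htm", ".html")):
        parser = ScriptExtractor()
        parser.feed(content)
        parser.close()
        # Visible page text (a quoted forum post) is ignored here.
        return SIGNATURE in "".join(parser.script_text).lower()
    return False

# Constructed samples: a page quoting the text, a script file, a page with script.
FORUM_PAGE = "<html><body><p>Never run: demo-wipe-root --placeholder</p></body></html>"
SCRIPT_FILE = "@echo off\r\ndemo-wipe-root --placeholder\r\n"
PAGE_WITH_SCRIPT = "<html><script>run('demo-wipe-root --placeholder')</script></html>"
```

The naive scan flags the forum page that merely quotes the text, which is the false positive discussed in this thread; the context-aware scan still flags the script file and the page that carries the text inside a script element.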
19monty64
September 22nd, 2007, 06:23 PM
{QUOTE-> Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command. <-QUOTE}
Since ErikAlbert helped us find this "trojan" maybe he should change his sign-in to EicarAlbert roflol He also helped me discover "new" security for my computer. When the "Avast-sirens" sounded out, my dog started barking and alerted the sleeping-household to the intruder-alert roflol The scotty-bark of WinPatrol is nothing compared to the Avast-sirens and Buddy-bark early on a Saturday morn in my house roflol Thanx EicarAlbert roflol
19monty64
September 22nd, 2007, 07:20 PM
I posted about KillFiles-L (a.k.a. EicarAlbert lol) at the avast forums and am waiting for a response: http://forum.avast.com/index.php?topic=30578.0
19monty64
September 23rd, 2007, 10:13 PM
Update 000776-0 seems to solve the FP for Avast. Great support, and on a weekend no less, makes a good product a great one! :thumb: :thumb: