Hi all,
I was searching older Threads with the "Search"-Function in these Forums here when my Avast Antivirus suddenly opened up with this Message:

Sign of "BV:KillFiles-M [Trj]" has been found in "http://www.wilderssecurity.com/search.php?searchid=1837241\unp116989114" file.

What a JOKE, a Trojan on these Forums here, HA-HA-HA!
I got the option to terminate the Connection before anything got installed, so i did it.

So which Software to BUY next, for getting rid with this???:o
Greets,
Ben

That's an Avast false positive, already discussed in this forum section (about 8 or 9 threads lower down):

http://www.wilderssecurity.com/showthread.php?t=186153

And also discussed at Avast's forums:

http://forum.avast.com/index.php?topic=30578.0

A definition update for avast was supposed to have fixed it a few days ago. Are your definitions current?

{QUOTE-> That's an Avast false positive, already discussed in this forum section (about 8 or 9 threads lower down):

http://www.wilderssecurity.com/showthread.php?t=186153

And also discussed at Avast's forums:

http://forum.avast.com/index.php?topic=30578.0

A definition update for avast was supposed to have fixed it a few days ago. Are your definitions current? <-QUOTE}


Hi LowWaterMark,
yes, my definitions are from yesterday evening, 30.09.2007.
Sorry, i did not search for existing threads before posting here...
...so this means that the definition update did not fix it?
Greets,
Ben

{QUOTE-> ...so this means that the definition update did not fix it? <-QUOTE}It was supposed to have been fixed. I just fired up my avast system, updated the defs to current, and was unable to get it to alert on any of the threads. However, you were getting it in a "search results" view, according to your link above. Since search links are not shared between members, (and they expire in about an hour or so even for the member who did the search themselves), I can't tell what you were viewing when you got the alert. Can you say what search you performed exactly which you were reviewing in the link you posted above?

Ah ha! The avast! people fixed the f/p when it looks like this in the text:

193902

But, not when it looks like this:

193903

The DEL commands above are images not text, so that they won't trigger any alerts.

lucas1985 has a post in a Software & Services thread that has the command in the second format, and avast still detects that version...

Note: avast! may alert when you click this link (http://www.wilderssecurity.com/showpost.php?p=1087256&postcount=36).

However the detection is done, it appears to still flag on the text of a DEL command that appears in the text of a post.

Yes, it seems that Avast has a new FP every week as noted here and Avast forums. Version 5 is not expected out until 2008. I fear a fix is not coming soon! I think they are busy working on next version and don't have the resources to keep up with Ver.4 false/positives.

{QUOTE-> Yes, it seems that Avast has a new FP every week as noted here and Avast forums. Version 5 is not expected out until 2008. I fear a fix is not coming soon! I think they are busy working on next version and don't have the resources to keep up with Ver.4 false/positives. <-QUOTE}

I'm not sure which FP's you're refering to, exactly. Avast is definitely an AV with less FP's than most others...

This is simply the same alert (not "another" one as the subject of this thread suggests) - I'm sure it will be fixed asap.

Cheers
Vlk

{QUOTE-> Ah ha! The avast! people fixed the f/p when it looks like this in the text:

193902

But, not when it looks like this:

193903

The DEL commands above are images not text, so that they won't trigger any alerts.

lucas1985 has a post in a Software & Services thread that has the command in the second format, and avast still detects that version...

Note: avast! may alert when you click this link (http://www.wilderssecurity.com/showpost.php?p=1087256&postcount=36).

However the detection is done, it appears to still flag on the text of a DEL command that appears in the text of a post. <-QUOTE}
I don't suppose the offending post could be edited to sto the alert? Or must I disable my protection to read that thread? Thanx.

{QUOTE-> I don't suppose the offending post could be edited to sto the alert? Or must I disable my protection to read that thread? Thanx. <-QUOTE}I'm not going to start editing posts that have nothing malicious in them just because one anti-virus is flagging it. I did use images in this thread, and the other discussion of the previous alert condition, so that people who are effected can read the discussion about it. That should be sufficient. People should also understand that false positives happen, and know that they can deal with them when they see one.

Fair enough, was just a thought, I'll just shuffle off and mind my own business.

{QUOTE-> It was supposed to have been fixed. I just fired up my avast system, updated the defs to current, and was unable to get it to alert on any of the threads. However, you were getting it in a "search results" view, according to your link above. Since search links are not shared between members, (and they expire in about an hour or so even for the member who did the search themselves), I can't tell what you were viewing when you got the alert. Can you say what search you performed exactly which you were reviewing in the link you posted above? <-QUOTE}


Hi and sorry,
for answering that late...
when i was searching, i searched for the title of my first Topic in the Acronis Forum: "How to Backup correctly", and got a List of Results from all Forums.
while reading Threads with tabbed Browsing of Mozilla Firefox 2, the Alert occured...
...but as it seems, we simply must act with Brain to avoid Damages, so nothing irregular then...
Thank You for the Time to find the Solution for this anyway;)
Greets,
Ben