Avast 4.8 detects virus in RainBrowser.exe

[thedolphindude]

There was a similar error reported in this thread, only the program detecting the virus was Sophos, and Avast came up clean.http://rainmeter.net/forum/viewtopic.php?f=4&t=1831&hilit=virus
I now have a problem with Avast 4.8 detecting a virus in Rainmeter 1.1, Rainbrowser.exe specifically. The Avast log looks like this:

11/14/2009 9:56:40 PM SYSTEM 1276 Sign of "Win32:Malware-gen" has been found in "C:\Program Files\Rainmeter\Addons\RainBrowser\RainBrowser.exe\[UPX]" file.

I decided to do a little test to see if it was actually infected. I would download the .zip version of rainmeter 1.1 x64 and replace the "infected" file with a clean one. But here is the log of the alert i got when trying to download it:

11/14/2009 10:02:41 PM SYSTEM 1280 Sign of "Win32:Malware-gen" has been found in "http://rainmeter.googlecode.com/files/Rainmeter-1.1-64bit.zip\Addons\RainBrowser\RainBrowser.exe\[UPX]" file.

I downloaded anyway and scanned the file with clamwin. It came up clean. I'm pretty sure this is a false positive, as it just started happening today and even with a presumably clean copy of rainmeter, but I figured it should be reported. Is there any reason to believe this is the real deal, or can I just ignore it?

[jsmorley]

There was a similar error reported in this thread, only the program detecting the virus was Sophos, and Avast came up clean.http://rainmeter.net/forum/viewtopic.php?f=4&t=1831&hilit=virus
I now have a problem with Avast 4.8 detecting a virus in Rainmeter 1.1, Rainbrowser.exe specifically. The Avast log looks like this:

11/14/2009 9:56:40 PM SYSTEM 1276 Sign of "Win32:Malware-gen" has been found in "C:\Program Files\Rainmeter\Addons\RainBrowser\RainBrowser.exe\[UPX]" file.

I decided to do a little test to see if it was actually infected. I would download the .zip version of rainmeter 1.1 x64 and replace the "infected" file with a clean one. But here is the log of the alert i got when trying to download it:

11/14/2009 10:02:41 PM SYSTEM 1280 Sign of "Win32:Malware-gen" has been found in "http://rainmeter.googlecode.com/files/Rainmeter-1.1-64bit.zip\Addons\RainBrowser\RainBrowser.exe\[UPX]" file.

I downloaded anyway and scanned the file with clamwin. It came up clean. I'm pretty sure this is a false positive, as it just started happening today and even with a presumably clean copy of rainmeter, but I figured it should be reported. Is there any reason to believe this is the real deal, or can I just ignore it?

It is a false positive. You can ignore it, or get an update to RainBrowser here: http://rainmeter.net/forum/viewtopic.php?f=81&t=1869 which removes a compression method that AutoIt uses that some antivirus packages are seeing as a virus. This is SUDDENLY happening to everyone writing stuff with AutoIt (I even see comments on Mepu's thread on deviantArt since he uses AutoIt for an install program) and although it can be ignored I know it's annoying. I assume the AutoIt folks will get a handle on this and get in touch with the antivirus vendors, but in the meantime I can live without the compression. RainBrowser isn't all that big in any case.

[jsmorley]

Ugh... It's worse than I thought. As of an update to Avast this evening (in the last few hours) it is flagging RainBrowser.exe even with compression turned off. I have sent a report to Avast letting them know of the issue, I hope it will get straightened out sometime tomorrow when Avast updates again.

Edit:

In the meantime, you can create an exception in Avast for RainBrowser by right clicking the tray icon and selecting "On-Access Protection Control". Then under the "Customize" button for "Standard Sheld" and "Advanced" add an exception for "*\RainBrowser.exe" (without the quotes)

[jsmorley]

Unfortunately we are getting this now, as of an update to Avast 4.x this evening... Again, I hope to see it fixed by them tomorrow sometime.

http://virusscan.jotti.org/en/scanresult/dd0e0e0bb80c95e53f0a37429f4720f89b19fd48

[jsmorley]

Update:

Looks like they fixed it. I just did an update to Avast and the problem is resolved.

[karmat]

I was glad to see this post, since I got the 'virus' message from Avast as I was shutting down last nite. Since it said RainBrowser.exe I wasn't too concerned, and figured I'd check it out this morning.

Started a virus scan this morning and went looking for some answers - and found them as usual in this forum - thanks again, Morley!

My scan just finished and it doesn't show up anymore!

[thedolphindude]

Cool, it's working again. Thanks a lot, that was faster than I expected.

[nodule12]

URgh, I have had so many problems with avast. Download AVG antivirus instead.

[casa3]

Well...I don't use any program of these. I use something else and I see it's perfect. I have no trojan so I have a reason to suggest you to try it too. You can find it here version 7 of kaspersky