Hi silon and garfunkel
You can rest assured that Flash Disinfector is not a malicious program--it's a false positive by AntiVir. As much as I like AntiVir, it is rather distressing that there are so many false positives and many of those are for security tools.
To prevent this from happening anymore I have downloaded FD and then submitted the file as a sample to Avira as a "possible" false positive. First I can confirm that AntiVir flags this file--wouldn't even let me download it while the guard was active. It calls it WORM/Generic.4084
"Generic" or "heuristic" is always a red flag for me that a detection could be a FP.
I have submitted the file to this page: http://analysis.avira.com/samples/index.php
Anyone could--and should--do this as well any time a false positive is suspected, just be sure to indicate that it is a suspected FP.
Usually Avira will take 24 hours or less to notify you of whether the file is a false positive or not. This one must have been submitted already because the results were given as soon as the file upload was complete:
"The file 'Flash_Disinfector.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file contains unencrypted malicious patterns. This is an indicator that a legitimate detection or removal program did not encrypt parts that are used to identify malicious content. Please contact the manufacturer of this file."
I was going to post that, once the file is verified to be a FP, the definitions would be updated shortly and this wouldn't be a problem any longer. But that is contradicted by the last part of the above message. They aren't going to change their definitions.
Probably the easiest way to work around this is to go offline--if you are on Broadband physically disconnect--and just before you run Flash_Disinfector, disable AntiVir guard (you can also disable the guard while online just long enough to download the file). Then insert any Flash drive or other removable drives and run Flash_Disinfector. You can then delete Flash_Disinfector--it shouldn't be needed again because it "inoculates" each drive by creating an autorun.inf file/folder in the drive's root folder--don't delete those.
Alternatively, you can tell AntiVir to not scan the file. The only problem with this is that the guard can make exceptions for the processes too for when you run it, but I am not sure which process should be excluded--there may be more than one.
To exclude a file from future detections, do the following:
1. Open AntiVir
2. Click the Extras menu (top) and choose Configuration
3. Click in the box next to Expert mode to put a checkmark there--this is important since the Exclusion option won't show up unless Expert mode is checked.
4. If there is a plus sign to the left of Scanner, click it to expand and if one is next to Scan do the same.
5. Click Exception
6. Click the box with the three periods and browse to the file you want to exclude.
7. Click the Add>> button. The filepath should now appear in the text field to the right of the Add>>
To do the same for the Guard the instructions are the same, except at step 4 substitute Guard. The instructions are the same for excluding files. For the process, try entering Flash_Disinfector.exe. Strike that--I just tried to enter the file name and see it is limited to 15 characters. So you can't exclude this process. I would still exclude the file in the scanner and guard, but when you run the file you are going to have to disable AntiVir Guard first.