Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on September 12, 2017, 05:04:29 PM

Title: False positive
Post by: REDACTED on September 12, 2017, 05:04:29 PM

Greetings, I am a programmer and I am currently writing my version of a game, however, avast, and the virustotal scan detected like malicious the game launcher. I would like you to help me report the false positive and investigate my executable, since it does not alter information or take user input. I don't know how or where to report it.

Scan: https://www.virustotal.com/es/file/175e394b605cc9e6676d053a9163e2db48b5ae6f8639b34c8e4f7e9cc14ad577/analysis/

Game launcher: http://www.returnoftibia.tk/Download

Title: Re: False positive
Post by: Asyn on September 12, 2017, 05:05:42 PM

As you're a developer, read here...
-> https://www.avast.com/faq.php?article=AVKB229
-> https://www.avast.com/faq.php?article=AVKB228

Title: Re: False positive
Post by: Eddy on September 12, 2017, 05:08:45 PM

Looking at the behavior, the application still needs a lot of work.

Title: Re: False positive
Post by: REDACTED on September 12, 2017, 05:12:27 PM

Quote from: Eddy on September 12, 2017, 05:08:45 PM

Looking at the behavior, the application still needs a lot of work.

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

Title: Re: False positive
Post by: Asyn on September 12, 2017, 05:13:36 PM

Quote from: Benítez on September 12, 2017, 05:12:27 PM

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Title: Re: False positive
Post by: Eddy on September 12, 2017, 05:15:12 PM

It is not detected as a virus, but as a Trojan.

Title: Re: False positive
Post by: Asyn on September 12, 2017, 05:16:47 PM

Quote from: Eddy on September 12, 2017, 05:15:12 PM

It is not detected as a virus, but as a Trojan.

Yep, and I somehow doubt that this is a FP, but the guys at VL have to decide it.

Title: Re: False positive
Post by: REDACTED on September 12, 2017, 05:22:05 PM

Quote from: Asyn on September 12, 2017, 05:13:36 PM

Quote from: Benítez on September 12, 2017, 05:12:27 PM

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Thanks, I already did the file report, and it should be simple, in fact I did not protect or obfuscate the code, so anyone can decompile it and verify its behavior. I just encrypted some variants. I could send the .NET project to avast if required.

Title: Re: False positive
Post by: Asyn on September 12, 2017, 05:24:43 PM

As you reported it, wait for an answer from the VL guys.

Title: Re: False positive
Post by: Eddy on September 12, 2017, 05:25:46 PM

If the people from avast need/want more info, they will contact you.

Title: Re: False positive
Post by: polonus on September 12, 2017, 05:26:14 PM

Then you have to consider that every IDS alerts a so-called tk_domain....
IP blacklisted
Google   Google Diagnostic Page
My WOT   WOT Score Card
hpHosts   hpHosts listing
MalwareDomainList   MDL listing
Re: https://urlquery.net/queue/75feedf9-6fa2-40ae-927c-9699b8a6a057

polonus

Title: Re: False positive
Post by: REDACTED on September 12, 2017, 05:29:12 PM

A friend who installed the game yesterday, told me that his avast notified him that my executable would be analyzed in the laboratory, and within a few hours they said it was inoffensive.

Title: Re: False positive
Post by: Asyn on September 12, 2017, 05:49:51 PM

As said, wait for an answer from the VL guys.

Title: Re: False positive
Post by: savcin on September 12, 2017, 07:51:35 PM

Clean status has been set.