Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Bucko on March 06, 2003, 02:34:58 AM

Title: W32 Trojan
Post by: Bucko on March 06, 2003, 02:34:58 AM
I just did a system scan and Avast! says that my SOF noCD.exe is infected with W32 Trojan-gen. Is this a false positive? I just switched to Avast!4 from NAV, it never detected this.
Title: Re:W32 Trojan
Post by: raman on March 06, 2003, 05:52:19 AM
That is possible, send the file to support@asw.cz and they will tell you if it is a false alarm, or not.
Title: Re:W32 Trojan
Post by: Bucko on March 06, 2003, 06:06:29 AM
 Raman
  The file is on its way....Thanks
Title: Re:W32 Trojan
Post by: jack_mort on March 07, 2003, 06:40:19 PM
Hi !

I also got this message while scanning my hdd: it found W32 trojan in a file from winrar. Then I scanned the installer and it also found it. I do believe this is a wrong alert because I re-downloaded the file from rarsoft.com, re-ran the scan and it still found the "virus". I then scanned it with NAV (on another computer) and it found nothing ...

Can I also send the file to the mail address?
Title: Re:W32 Trojan
Post by: raman on March 07, 2003, 06:57:57 PM
Yes, seems to be a false alarm. Unpack it with UPX and Avast would not alert anymore! ;)
support@asw.cz is always a good place for these kinds of things.
Title: Re:W32 Trojan
Post by: Pavel Baudis on March 07, 2003, 08:00:14 PM
Hi,
we have just released the new VPS update. Please check if it still reports the Trojan and if yes, please send the file to our technical support - support@asw

thanks,
Pavel
Title: Re:W32 Trojan
Post by: raman on March 08, 2003, 08:01:41 AM
I do not know what you have done, but Avast still reports the Trojan in the default.sfx of the Winrar 3.0 Package.

BTW: Did I say that I "hate" the "Trojan gen" identification? Why don't you name the Backdoor/Trojan by a "real" name?
Title: Re:W32 Trojan
Post by: jack_mort on March 08, 2003, 11:15:26 AM
Well, for me the "false" warning has disappeared :)

Thx a lot :)

Oh and, btw : very good *free* little proggie 8)
Title: Re:W32 Trojan
Post by: kubecj on March 09, 2003, 11:22:28 PM
Quote
BTW: Did I say that I "hate" the "Trojan gen" identification? Why don't you name the Backdoor/Trojan by a "real" name?

Gen = generic. Lots of other manufacturers name such items in a similar way, as it's often too much hassle to name such rubbish. See for example Norton and its Bloodyhound 8)
Title: Re:W32 Trojan
Post by: Pavel Baudis on March 11, 2003, 01:01:27 PM
Raman asked:
Quote
BTW: Did I say that I "hate" the "Trojan gen" identification? Why don't you name the Backdoor/Trojan by a "real" name?
Just FYI: currently avast! detects more than 12000 different Windows malware programs as Trojan gen. It uses a very special general method to do this. We do not plan to attach the unique name to every piece of malware detected by this method...
Title: Re:W32 Trojan
Post by: raman on March 11, 2003, 03:05:11 PM
I do not say that you should change it, just that I hate it. Like Norton or F-prot. I mean the naming of Malware, not necessarily the Product. ;)

But you have to admit that it was easier to help Users if you (me) know what Malware was detected. Now you always have to say: Send it to the Support. And that is very time-consuming. You should not wonder if somebody who wants to help says that he should try another Software or online scan to find out what kind of Malware it is.

It isn't easy to find out if it is a false alarm or not.
Title: Re:W32 Trojan
Post by: Pavel Baudis on March 11, 2003, 04:05:05 PM
Yes, but IMHO all AV programs use (more or less) generic malware detection. I admit that our Trojan-gen naming is quite close to the extreme ;) but with any product it could be very difficult to give the really qualified advice to the user without the sample...
Title: Re:W32 Trojan
Post by: raman on March 11, 2003, 07:14:40 PM
Yes, your Trojan-gen naming is extreme! ;) I am glad that you have to drop the trojan-generic(UPX!) Signature, if Avast supports UPX unpacking! ;)

But with this Method of generic detection, you have to "live" with more False alarms
Title: Re:W32 Trojan
Post by: Pavel Baudis on March 12, 2003, 08:50:37 AM
Quote
But with this Method of generic detection, you have to "live" with more False alarms
Well this is not true - even the generic method could be very resistant to false alarms. The main problem as I see it is that it is much more difficult to distinguish (without sample) if it is a false alarm or not...

Pavel