Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Sartigan on June 09, 2009, 03:09:51 PM

Title: Viruslike codes
Post by: Sartigan on June 09, 2009, 03:09:51 PM

I tried the avast! Professional and in the game's hack shield (MuOnline.HU) the avast! Home Edition signs for a Trojan. But it's a viruslike code. The game needs it for the hack shield. The avast! Professional doesn't signing for it. There is no virus in the game (the admin says).
If this issue can be fixed, please do it.

Thank you

Title: Re: Viruslike codes
Post by: Lisandro on June 09, 2009, 03:35:55 PM

Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal (http://www.virustotal.com/xhtml/index_en.html) and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan (http://www.virscan.org/) also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) and enable View hidden files and folders (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp) to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586

Title: Re: Viruslike codes
Post by: Sartigan on June 09, 2009, 04:45:52 PM

This was in the avast!'s log file:
2008.12.05. 14:04:43 SYSTEM 1712 Sign of "Win32:PolyCrypt-CRH [Trj]" has been found in "C:\játékok\MuOnline.HU_S4\wzNpgx.dll" file. Well I would not believe in the fact that this is False positive. The False Positives are registered as a Win32:Trojan-Gen [---], not as a PolyCrypt-CRH [Trj]
This is a virus?

Title: Re: Viruslike codes
Post by: calcu007 on June 09, 2009, 05:04:28 PM

Quote from: Sartigan on June 09, 2009, 04:45:52 PM

This was in the avast!'s log file:
2008.12.05. 14:04:43 SYSTEM 1712 Sign of "Win32:PolyCrypt-CRH [Trj]" has been found in "C:\játékok\MuOnline.HU_S4\wzNpgx.dll" file. Well I would not believe in the fact that this is False positive. The False Positives are registered as a Win32:Trojan-Gen [---], not as a PolyCrypt-CRH [Trj]
This is a virus?

You are wrong not all false positive are detected as Trojan-Gen. Upload the file to Virus Total.

Title: Re: Viruslike codes
Post by: calcu007 on June 09, 2009, 05:11:24 PM

It appears to be a virus, check this site

http://spywaredlls.prevx.com/RRHAIA44937528/WZNPGX.DLL.html

Title: This is NOT A VIRUS
Post by: Sartigan on June 12, 2009, 03:33:04 PM

I have found the "virus". The avast! has a "bug" with it's virus filter. The "infected" file is condensed. This is not a virus!! Please fix that "bug" in the avast! Home Edition. The website (what calcu007 wrote) writes the following: The Process is packed and/or encrypted using a software packing process.