Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: calcu007 on May 22, 2010, 01:25:04 AM

Title: 1click dvd copy false positive
Post by: calcu007 on May 22, 2010, 01:25:04 AM: When it will fixed permanently? Each time that 1click is updated avast flagged it with w32.Vitro virus and I had to report it to Avast.
Title: Re: 1click dvd copy false positive
Post by: Lisandro on May 22, 2010, 03:08:18 AM: I can't say for sure... but Vitro is a very dangerous infection. Are you sure it's a false positive?
Can you send to www.virustotal.com and check?
Title: Re: 1click dvd copy false positive
Post by: calcu007 on May 22, 2010, 07:26:44 AM: Quote from: Tech on May 22, 2010, 03:08:18 AM
I can't say for sure... but Vitro is a very dangerous infection. Are you sure it's a false positive?
Can you send to www.virustotal.com and check?

Yes, only Avast and Gdata report a virus
Title: Re: 1click dvd copy false positive
Post by: DavidR on May 22, 2010, 03:32:59 PM: If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Your signature doesn't say what version of avast so I have assumed (not good) that you have 5.0.545 the latest avast version.
Title: Re: 1click dvd copy false positive
Post by: Maxx_original on May 22, 2010, 05:04:44 PM: it's because 1click is in each new instance packed with ACProtect/UltraProtect and the unpacked binary contains some "noise" that triggers this detection.. it is really difficult to fix such stuff permanently..
Title: Re: 1click dvd copy false positive
Post by: Lisandro on May 22, 2010, 05:40:44 PM: Thanks Maxx for throwing some light on what is happening. We appreciate the feedback.
Title: Re: 1click dvd copy false positive
Post by: DavidR on May 22, 2010, 06:08:17 PM: Quote from: Maxx_original on May 22, 2010, 05:04:44 PM
it's because 1click is in each new instance packed with ACProtect/UltraProtect and the unpacked binary contains some "noise" that triggers this detection.. it is really difficult to fix such stuff permanently..

Perhaps something to add to a checking list (to maintain the latest 1click version), not a white list as such as you wouldn't want to ignore it completely. Or if it is based on the packers, perhaps other checks if it comes up Vitro.
Title: Re: 1click dvd copy false positive
Post by: Maxx_original on May 22, 2010, 06:50:16 PM: Vitro generates false positives very rarely, but it can happen from time to time, mostly under some "strange" packers (ASProtect, ACProtect) as they modify the file to a similar form :-\
Title: Re: 1click dvd copy false positive
Post by: calcu007 on May 22, 2010, 07:02:27 PM: It is rara that it dont happen in their PRO version