Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: river251 on October 05, 2010, 02:18:02 PM
-
I read an entire thread on the Hupigon-ONX trojan because I just installed Avast and it found several instances of the trojan.
The thread suggests these may be false positives. But after hoping the thread would help me, it has no conclusion.
The thread is months old and Avast has not given any answer about whether this is just false positive behavior or real problem detection. This is pretty poor. If Avast does not respond meaningfully to problems, I'll just need to uninstall it, there are other options.
So what's your response Avast?
-
There can't be a specific answer as each case would have to be on the specific detection, file name and location, etc. Where there is a common theme, e.g. detection of virtual images, then there is a probability it could be an FP as these files are somewhat different (being very large, and possibly compressed) so may have some match to that particular detection/signature string.
A virtual or backup image may not be in an archive format that avast can unpack, so it would be scanned in its raw data state and that could produce a strange character string mismatch.
So if you don't say what the detection is on, no one can even hazard a guess as to what it might be ?
With virtual images they are to big to upload to the likes of virustotal where they can be scanned by over 40 different scanners to confirm the detection or not.
So if it is in a virtual/backup image, and when in that virtual or prior to a back-up image being made there were no avast alerts, I would suggest excluding those virtual/backup images file types from scans. That is what I do with my backup images, not because of alerts, but because a) they are large and would slow scanning (if they can even be unpacked) and b) I am confident my system was clean prior to making the backup (having done a system scan first).
-
Thanks. I'm not at the computer now but these hits are not on backups, compressed stuff, ghosts, images, virtual stuff, as I don't use any of that. Just typical files found on a Win7 machine.
Jim
There can't be a specific answer as each case would have to be on the specific detection, file name and location, etc. Where there is a common theme, e.g. detection of virtual images, then there is a probability it could be an FP as these files are somewhat different (being very large, and possibly compressed) so may have some match to that particular detection/signature string.
A virtual or backup image may not be in an archive format that avast can unpack, so it would be scanned in its raw data state and that could produce a strange character string mismatch.
So if you don't say what the detection is on, no one can even hazard a guess as to what it might be ?
With virtual images they are to big to upload to the likes of virustotal where they can be scanned by over 40 different scanners to confirm the detection or not.
So if it is in a virtual/backup image, and when in that virtual or prior to a back-up image being made there were no avast alerts, I would suggest excluding those virtual/backup images file types from scans. That is what I do with my backup images, not because of alerts, but because a) they are large and would slow scanning (if they can even be unpacked) and b) I am confident my system was clean prior to making the backup (having done a system scan first).
-
What kind of files/registry entries/whatever does avast! identify as infections?