« previous next »
Pages: [1]   Go Down

Author Topic: False positive of Win32:Ircbot-BG [Trj]  (Read 8184 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
False positive of Win32:Ircbot-BG [Trj]
« on: October 02, 2005, 03:39:32 PM »
FlashPaste.exe setup file is being detected as infected by Win32:Ircbot-BG [Trj]
It's a false positive. File already submitted by email for analysis and correction.

Virus has been detected!
File Name: FlashPaste.exe
FileID: 393
Virus Description: Win32:Ircbot-BG [Trj]
Logged
The best things in life are free.

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #1 on: October 02, 2005, 08:20:36 PM »
I think there is a false positve by firetune.exe too.

Sign of "Win32:Ircbot-BG [Trj]" has been found in "I:\Firefox\firetune\FireTune.exe" file.

http://www.totalidea.com/freestuff4.htm#down
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #2 on: October 02, 2005, 10:12:38 PM »
What version of firetune do you have, mine is 1.0.0.6 and no problem.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #3 on: October 02, 2005, 11:54:25 PM »
Quote from: DavidR on October 02, 2005, 10:12:38 PM
What version of firetune do you have, mine is 1.0.0.6 and no problem.
I have 1.0.6 and don't have problem.
The setup (install file) is clean too.
Which VPS avast! version are you using?
Logged
The best things in life are free.

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #4 on: October 03, 2005, 12:07:44 AM »
FireTune 1.0.7 released 09/27/05 (see Link) - 1.0.6 is clean

/edit

VPS 0539-4
« Last Edit: October 03, 2005, 12:09:39 AM by DrRamoray »
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #5 on: October 03, 2005, 12:25:58 AM »
Well stranger still, I downloaded the 1.0.7 version of firetune it took several attempts using several different download mirrors but I eventualy managed to download it. I scanned the installer firefox.exe file and no warnings at all.

I tried to install it to see what would happen when it was installed (unpacked) and all I kept getting was a CRC error.

Will have to download again and reinstall firetune 1.0.7 or revert to 1.0.6.
« Last Edit: October 03, 2005, 12:28:03 AM by DavidR »
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #6 on: October 03, 2005, 12:34:06 AM »
I only use the Zip-Version of FireTune.

Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #7 on: October 03, 2005, 12:45:04 AM »
Well I managed to get it to download and avast alarmed even before completion (on the partial download file of Star Downloader) of the download this time. So strange that two different download sources and two different outcomes.

Same outcome installer or zip by the look of it.

Edit: I have sent it to avast!
« Last Edit: October 03, 2005, 12:51:37 AM by DavidR »
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #8 on: October 03, 2005, 12:51:10 AM »
Now I downloaded the Installler-Version from mirror 4, same Virus-Notification after scanning.
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #9 on: October 03, 2005, 12:54:31 AM »
I would stick with 1.0.6 for the time being and periodically scan the file from within the virus chest. When the VPS is updated it won't detect the file, then you can restore it from within the chest and install.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #10 on: October 03, 2005, 12:58:43 AM »
Yes David, I think this is currently the best solution.
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #11 on: October 03, 2005, 01:04:04 AM »
This has now been resolved with the latest VPS update 0539-6, so you should be ok now.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DrRamoray

  • Guest
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #12 on: October 03, 2005, 01:07:24 AM »
Confirmed, is fixed with the new VPS 0539-6.

Thanks David for the info and thanks Avast for the quick fix.
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #13 on: October 03, 2005, 01:13:59 AM »
No Problem, a belated welcome to the forums.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: False positive of Win32:Ircbot-BG [Trj]
« Reply #14 on: October 03, 2005, 02:51:29 AM »
Quote from: Tech on October 02, 2005, 03:39:32 PM
FlashPaste.exe setup file is being detected as infected by Win32:Ircbot-BG [Trj]
It's a false positive. File already submitted by email for analysis and correction.
Fixed in latest VPS 0539-6
Thanks Alwil team, this was really fast  8)
Logged
The best things in life are free.
Pages: [1]   Go Up
« previous next »