False Positive : Win32:Trojan-gen (other)?

[Blizzard]

Hi all

First time user of Avast after finally uninstalling Norton after six years use .... yes I waited six years to remove that piece of bloatware! :-)

The first full Avast scan I have performed revealed that a .exe called Homepgui.exe is infected with the Win32:Trojan-gen (other) virus. Homepgui.exe appears to relate to the free software disk that came with my PC.

An online scan of the file produced the following result:

http://virusscan.jotti.org/en/scanresult/f06c5803d97fefeff68facd7a8a7c80c98764fa3/2d296c4b5186da2f1c99e187f99a493f1dd0e925

I have mailed the file to the guys at Avast for a response, however judging by the mixed results from the online scan I have marked it as a false positive in my email.

Has anyone reported this before?

Many thanks

[nmb]

I think this is a fp. because all of the scanners are detecting it as heur or generic.. good that you uploaded it to avast. if you let us know which free program it is then it would be helpful. also, wait for someone to confirm here from alwil team that it is a fp.

[DavidR]

When it is detected again (if you took no action scan it again), there is link at the bottom right of the alert window to Report as false positive, see image. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done. This new submission method may get a faster response and avoids the possible loss/deletion during email submission by an email server.

[Blizzard]

Many thanks for the responses guys.

The action I took was to select the 'Move to Chest' option. I then used the option to send which says "Email to Alwil Software' but doesn't actually email, as you correctly said DavidR!

After I selected iAVS Update a message box appeared to confirm that it had been sent.

The .exe in question I think fires up when I insert a Software Library DVD that came with my Packard Bell PC although I can't be sure. Unfortunately I can't give you any more info than that as there isnt much printed on the DVD itself and scanning through the contents shows that it contains several software titles from various companies.

Fortunately I haven't used the DVD in years so having the .exe in the chest isn't a problem.

My gut feeling is that it is a false positive, however I will of course await the relevent comments from the Alwil team!

[DavidR]

If it is an FP, once confirmed, avast are quick to correct. Periodically scan the file (after VPS updates) from 'within' the chest. When it is no longer detected you can restore the file right click on it within the chest and select Restore. A copy will remain in the chest, confirm the file is back in the original location and delete the copy in the chest.

Welcome to the forums.

[Milos]

Thanks for sending sample, it's false positive and will be removed.

Milos

[DavidR]

Thanks Milos.

@ Blizzard
I told you it wouldn't take long

[Blizzard]

Milos, many thanks for confirming the FP and for the quick response. Keep up the good work!

DavidR, thanks also for your help. I have definately become an Avast convert.... the memories of allowing Norton to occupy my PC for so long are slowly slipping away! :-)

[Lisandro]

the memories of allowing Norton to occupy my PC for so long are slowly slipping away! :-)

You can't even imagine how many ex-Norton users we have here

[DavidR]

<snip>
DavidR, thanks also for your help. I have definately become an Avast convert.... the memories of allowing Norton to occupy my PC for so long are slowly slipping away! :-)

You're welcome.

Many having made the switch to avast from Norton feel exactly the same way