Author Topic: possible false positive Win32:Trojan-gen. {UPX!}  (Read 5509 times)

vern

  • Guest
possible false positive Win32:Trojan-gen. {UPX!}
« on: January 20, 2005, 07:51:46 PM »
I am using Avast Pro version.
I think I have a 'false positive' being detected, and I MUST know the answer.  I am shipping software that is packaged using
ClickTeam's Install Creator Pro.  Virtually all the installs created using this installer are now being detected as infected with
Win32:Trojan-gen. {UPX!}
Needless to say, if this IS a false positive my customers will soon be informing me and I have a problem. 

Please tell me how I can establish definitively if this is a false positive, and how I would prevent my installs from reading as a false positive.

Vern

lee16

  • Guest
Re: possible false positive Win32:Trojan-gen. {UPX!}
« Reply #1 on: January 20, 2005, 08:06:50 PM »
To find out if it's a false positive or not, upload/scan the file detected with this online scanner here (link below).

http://virusscan.jotti.dhs.org/

Let us know the results  ;)

And to stop the false positive from being detected (if it indeed is a false positive), send/email the file in a password-protected archive (WinZip or WinRAR are best for this) to virus@avast.com. In the email, mention that you think it's a false positive and why, also the file path you found it in, and any other info you feel is necessary.

--lee

vern

  • Guest
Re: possible false positive Win32:Trojan-gen. {UPX!}
« Reply #2 on: January 20, 2005, 09:09:02 PM »
I tested the original file, one of many, and on
http://virusscan.jotti.dhs.org/
there were two hits:
Avast:  Win32:Trojan-gen.
and
Dr. Web:  Trojan.Ulone

However, I created a new installer with one program in it (which I scanned and found no infection in).  I created this installer with on-access protection ON.  As soon as I viewed the folder containing the new installer I got a hit from AVAST on the new installer.  I am fairly confident that this is a false positive on WEB installers created with the ClickTeam product.

I will submit the file.

Vern

vern

  • Guest
Re: possible false positive Win32:Trojan-gen. {UPX!}
« Reply #3 on: January 20, 2005, 09:55:49 PM »
I have submitted the 'false positive'.   However, I have also downloaded the latest version of the ClickTeam Install Creator Pro and re-created the same installer.  Now the installer does not trigger an alert.

My thinking now is that the old install creator version had code in it that was eliminated on the new version (possibly for the exact reason that it would trigger virus detection).

Fun and games for everyone!

Vern

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: possible false positive Win32:Trojan-gen. {UPX!}
« Reply #4 on: January 22, 2005, 01:37:20 AM »
I have submitted the 'false positive'.
My thinking now is that the old install creator version had code in it that was eliminated on the new version.

Your assumption is right...
Welcome to avast  8)
The best things in life are free.