Author Topic: W32 Trojan  (Read 15144 times)

0 Members and 1 Guest are viewing this topic.

Bucko

  • Guest
W32 Trojan
« on: March 06, 2003, 02:34:58 AM »
  I just did a system scan and Avast! says that my SOF noCD.exe is infected with W32 Trojan-gen. Is this a false postive? I just switched to Avast!4 from NAV, it never detected this.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:W32 Trojan
« Reply #1 on: March 06, 2003, 05:52:19 AM »
That is possible, send the file to support@asw.cz and they will tell you if it is a flase alarm, or not.
MfG Ralf

Bucko

  • Guest
Re:W32 Trojan
« Reply #2 on: March 06, 2003, 06:06:29 AM »
 Raman
  The file is on its way....Thanks

jack_mort

  • Guest
Re:W32 Trojan
« Reply #3 on: March 07, 2003, 06:40:19 PM »
Hi !

I also got this message while scanning my hdd : it found W32 trojan into a file from winrar. Then i scanned the installer and it also found it. I do believe this is a wrong alert because i re-downloaded the file from rarsoft.com, re-run the scan and it still found the "virus". I then scanned it with NAV (on another computer) and it found nothing ...

Can i also send the file to the mail address ?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:W32 Trojan
« Reply #4 on: March 07, 2003, 06:57:57 PM »
Yes, seems to be a false alarm. Unpack it with UPX and Avast would not allert anymore!;)
support@asw.cz is always a good place for these kind of things.
MfG Ralf

Pavel Baudis

  • Guest
Re:W32 Trojan
« Reply #5 on: March 07, 2003, 08:00:14 PM »
Hi,
we have just released the new VPS update. Please check if it still reports the Trojan and if yes, please send the file to our technical support - support@asw

thanks,
Pavel

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:W32 Trojan
« Reply #6 on: March 08, 2003, 08:01:41 AM »
I do not know, what you have done, but iAvast still reports the Trojan in the default.sfx of the Winrar 3.0 Package.

BTW: Did i say that i "hate" the "Trojan gen" identification? Why don´t you name the Backdoor/Trojan by a "real" name?
MfG Ralf

jack_mort

  • Guest
Re:W32 Trojan
« Reply #7 on: March 08, 2003, 11:15:26 AM »
Well, for me the "false" warning has disapeared :)

Thx a lot :)

Oh and, btw : very good *free* little proggie 8)

kubecj

  • Guest
Re:W32 Trojan
« Reply #8 on: March 09, 2003, 11:22:28 PM »
BTW: Did i say that i "hate" the "Trojan gen" identification? Why don´t you name the Backdoor/Trojan by a "real" name?

Gen = generic. Lots of other manufacturers name such items in similar way, as it's often too much hassle to name such rubbish. See for example Norton and its Bloodyhound  8)

Pavel Baudis

  • Guest
Re:W32 Trojan
« Reply #9 on: March 11, 2003, 01:01:27 PM »
Raman asked:
Quote
BTW: Did i say that i "hate" the "Trojan gen" identification? Why don´t you name the Backdoor/Trojan by a "real" name?
Just FYI: currently avast! detects more than 12000 different Windows malware programs as Trojan gen. It uses very special general method to do this. We do not plan to attach the unique name to every piece of malware detected by this method...

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:W32 Trojan
« Reply #10 on: March 11, 2003, 03:05:11 PM »
I do not say that you should change it, just that i hate it. Like Norton or F-prot. I mean the nameing of Malware not nessecary the Product. ;)

But you have to admit, that it was easier to help Users, if you(me)know what Malware was detected. Now you always have to say: Send it to the Support.  And that is very time-consuming. You should not wonder if somebody who wants to help say that he should try an other Software or onlinescan to find out what kind of Malware it is.

It isn´t easy to find out if it is a false alarm or not.
MfG Ralf

Pavel Baudis

  • Guest
Re:W32 Trojan
« Reply #11 on: March 11, 2003, 04:05:05 PM »
Yes, but IMHO all AV programs use (more or less) generic malware detection. I admit that our Trojan-gen naming is quite close to the extreme  ;) but with any product it could be very difficult to give the really qualified advice to the user without the sample...

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:W32 Trojan
« Reply #12 on: March 11, 2003, 07:14:40 PM »
Yes, your Trojan-gen naming is extrem!;) I  am glad, that you have to drop the trojan-generic(UPX!) Signature, if Avast supports UPX unpacking! ;)

But with this Method of generic detection, you have to "life" with more False alarms
MfG Ralf

Pavel Baudis

  • Guest
Re:W32 Trojan
« Reply #13 on: March 12, 2003, 08:50:37 AM »
Quote
But with this Method of generic detection, you have to "life" with more False alarms
Well this is not true - even the generic method could be very resistent to false alarms. The main problem as I see it is that it is much more difficult to distinguish (without sample) if it is a false alarm or not...

Pavel