potential false positive - again

[BTIsaac]

Hi. Just recently, an app that was working fine a few hours ago has been identified as Android:Bankun-D trojan. The app in question is Dark Avengers, an android game published by the company Gamevil, and has been on my phone for almost a year now. Considering this, and the fact that no other suspicious objects were detected, I'm guessing that this could be a false positive, but I'm not 100% certain. Should I report a false positive?

Just to avoid unnecessary questions later:
I'm using a Samsung tablet running android 4.1.2, and my avast mobile security version is 3.0.6542 with virus definition version 131108-01

[Pondus]

If able to, upload the app to www.virustotal.com and test with 40+ malware scanners
Post link to scan result here

[BTIsaac]

If able to, upload the app to www.virustotal.com and test with 40+ malware scanners
Post link to scan result here

Uhm... I'm not exactly sure how I'm supposed to upload an app. I'm guessing my phone needs to be rooted, but it's not.
If I report a false positive, how exactly will the people receiving the report proceed?

[Pondus]

If I report a false positive, how exactly will the people receiving the report proceed?

avast lab will then correct the detection if it is wrong


You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

[BTIsaac]

I already reported a false positive using the option in the avast app. How long before I can expect some sort of result? What if the detection is genuine? Will I get some form of feedback?

[BTIsaac]

One more thing. It would seem that there are multiple people complaining about the same problem in the app store, but they seem to be under the impression that there's a problem with the app itself. I find it unlikely that all of them somehow acquired the same virus that infected the same app on all devices, leaving everything else untouched, especially since some of them have already reinstalled the app, and their probleem persists.
I'm more convinced at this point that this is indeed a false positive.

[Filip Havlicek]

Hi,

I guess that it might take a few days. I can try to speed things up if you remind me to do so on Monday.

Filip

[BTIsaac]

Whoa, talk about a few days. I'll keep it in mind.

[BTIsaac]

Just calling in to remind anyone concerned. At first, it would appear that the problem was fixed, and the program started launching, but avast stopped it again.

[Flippy]

Hello,
we really sorry for any inconvenience. This detections cause false positive with your app. It should be fixed in next update.

Thank you and have a nice day!
Filip Chytrý
Malware Analyst

[BTIsaac]

So it WAS false positive. I'm more relieved than anything. Part of me was worried that something might actually be wrong with the app, be it a design flaw, or a third party infection.

[kalakala]

https://www.virustotal.com/en/file/0aff89e9e0f1108cbf783a48b92e87130364c509b7abb9929c18d74012f55cce/analysis/1384350051/
both 1.2.5. and 1.2.6 triggered the trojan warning
this is a very popular game on android by respected dev company,
this problem should be high priority to correct!

[Flippy]

Hello, sorry it was false positive and it will be fixed in next update. Thank you and best regards, Filip Chytrý

[BTIsaac]

I do not wish to start a new topic on the subject, so I'm reviving this ome.

This app has been targeted for the third time now. This time, it's identified as a potentially unwanted program Android:Secapk-D
To be honest, it's getting more than a little frustrating, to see one of the most well known mobile games getting repeatedly misidentified as a threat, by one of the most trusted anti virus programs.

[Flippy]

Hello, we are really sorry for any inconvenience. Detections was fixed yesterday. Reason why this game has been flagged is multiple. 1) It have some suspicious privileges 2) new version wasnt on our clean set.

We really sorry for any inconvenience and if there will be posibillity to submit all new version of this app in viruslab we will highly appreciate it.

Best regards,
Filip Chytrý