Author Topic: My app hits as a false-positive, please help  (Read 7838 times)

0 Members and 1 Guest are viewing this topic.

iocane2099

  • Guest
My app hits as a false-positive, please help
« on: March 13, 2014, 05:51:31 PM »
Hello, I'm the developer for a legitimate app in the Mac AppStore called Bitcoin Ticker - To the Moon! https://itunes.apple.com/us/app/bitcoin-ticker-to-the-moon!/id731453251?mt=12. A couple months ago my app was hijacked along with some other legitimate apps, and were uploaded as a trojan to popular third party websites such as Download.com and MacUpdate.com. The details can be found here http://www.reddit.com/r/Bitcoin/comments/1xnm1v/os_x_users_beware_downloadcom_and_macupdatecom/. The actual Mac AppStore version has always been clean since only I can code sign and upload it to the Mac AppStore.

In the last update I added some security features incase the app was ever modified again by a third party. If the app has been tampered with it will show a warning message and then disable itself http://cl.ly/image/3c2Q0W3Y1M1C. How can I go about removing my app as a false-positive? I've already sent a false-positive report a couple weeks ago with no reply. Here is a screenshot of the false-positive http://cl.ly/image/1X280Y3i2G2z.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: My app hits as a false-positive, please help
« Reply #1 on: March 13, 2014, 06:08:50 PM »
Can you upload the detected file to virustotal.com and post a link to the scan results here?
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #2 on: March 13, 2014, 06:35:19 PM »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: My app hits as a false-positive, please help
« Reply #3 on: March 13, 2014, 06:41:14 PM »
Send the file in an password protected archive to virus@avast.com Subject:false positive
Dont forget to tell them the password. ;)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #4 on: March 13, 2014, 07:33:44 PM »
Thanks, I sent it. Do you know what the usual turn around time is?

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: My app hits as a false-positive, please help
« Reply #5 on: March 13, 2014, 07:39:13 PM »
Theyre pretty quick on flse positives but it depends on virus lab load. Theyre processing 350000-450000 files a day.

Usually it should be fixed within a few days. maybe a bit longer cause its a Mac Software. ;)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #6 on: April 06, 2014, 08:09:47 PM »
Hi guys, it's been almost a month and my app still hits as a false-positive. Can some one from avast please tell my why?

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: My app hits as a false-positive, please help
« Reply #7 on: April 07, 2014, 01:54:54 PM »
Hi guys, it's been almost a month and my app still hits as a false-positive. Can some one from avast please tell my why?
Hello,
detection was fixed on 14th March 2014.

Milos

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #8 on: April 07, 2014, 05:32:01 PM »
When I try to download the app from the Mac App Store it is still blocked. Here is a screen recording. I was running the current virus definitions. https://dl.dropboxusercontent.com/u/17346600/AvastBitcoinTTM.mov

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: My app hits as a false-positive, please help
« Reply #9 on: April 08, 2014, 12:00:41 AM »
When I try to download the app from the Mac App Store it is still blocked. Here is a screen recording. I was running the current virus definitions. https://dl.dropboxusercontent.com/u/17346600/AvastBitcoinTTM.mov

files have different hash
 
We need that samples to analyze.

Send the sample to virus@avast.com with "False positive" in subject.

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #10 on: April 09, 2014, 03:39:10 PM »
Ok thanks I resent. I sent an encrypted version of the complete .app this time.

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #11 on: April 15, 2014, 05:10:27 PM »
Any update? The app still hits as a false positive. Can someone from avast please help me resolve this?

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: My app hits as a false-positive, please help
« Reply #12 on: April 16, 2014, 02:26:43 PM »
Any update? The app still hits as a false positive. Can someone from avast please help me resolve this?

I haven't seen the newly sent sample.

Post VT(virus total) link of the detected file (previous one was already fixed).

submit again
https://www.virustotal.com/
« Last Edit: April 16, 2014, 02:30:58 PM by jefferson santiag »

iocane2099

  • Guest
Re: My app hits as a false-positive, please help
« Reply #13 on: April 16, 2014, 05:13:33 PM »
I took a closer look and it seems the temp pkg file was hitting as a false positive when trying to download the app. It seems to be fixed now though. No more false-positive hits! Thanks for your help :)

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: My app hits as a false-positive, please help
« Reply #14 on: April 16, 2014, 10:32:33 PM »
I took a closer look and it seems the temp pkg file was hitting as a false positive when trying to download the app. It seems to be fixed now though. No more false-positive hits! Thanks for your help :)

was fixed in VPS 140416-1 update
at apologize for the delay in resolving problems are several that I forget
you're be welcome