Author Topic: Win32:Trojano-1736 [Trj] false positive?  (Read 4762 times)

0 Members and 2 Guests are viewing this topic.

dungbeetle

  • Guest
Win32:Trojano-1736 [Trj] false positive?
« on: July 14, 2005, 04:48:06 AM »
Could this be a 'false positive'?

I've recently downloaded VPS 0528-3 13/07/05 and this file (fdcatch.dll) is now identified as a Win32:Trojano-1736 [Trj].

I've sent it to the chest for now and e-mailed the file to Avast!

It's the .dll that integrates FreshDownload with Internet Explorer 6.

My OS is Win XP SP2 with all updates.

Regards,
dungbeetle
« Last Edit: July 14, 2005, 04:50:10 AM by dungbeetle »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #1 on: July 14, 2005, 04:59:09 AM »
Could this be a 'false positive'?
I've recently downloaded VPS 0528-3 13/07/05 and this file (fdcatch.dll) is now identified as a Win32:Trojano-1736 [Trj].
I've sent it to the chest for now and e-mailed the file to Avast!
It's the .dll that integrates FreshDownload with Internet Explorer 6.
My OS is Win XP SP2 with all updates.
Yes, it was reported today as being a false positive. You can search the board for: fdcatch.dll or Win32:Trojano or FreshDownload

Submit the file to Jotti and let us know the results, i.e., if it is or not a false positive.
The best things in life are free.

dungbeetle

  • Guest
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #2 on: July 14, 2005, 05:15:33 AM »
Hi Tech,

Thanks for the quick response.

I tried submitting to Jotti, but I keep getting

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"   :-(


If it is a false positive however, should I restore it and get Avast! to ignore the file (if so, how?) or should I wait for a fix in a forthcoming AVS update (if so, when?)

Many thanks for the help.

Regards,
dungbeetle

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #3 on: July 14, 2005, 05:22:39 AM »
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"   :-(
avast! should be blocking it, you should add it to exclusions list.

If it is a false positive however, should I restore it and get Avast! to ignore the file (if so, how?) or should I wait for a fix in a forthcoming AVS update (if so, when?)
You can add this file to 2 exclusions lists:
On-access:
Left click a blue icon > Standard Shield provider settings > Customize > Advanced > Add it to the exclusion list.
On-demand:
Right click a blue icon > Program settings > Exclusions (tab)
The best things in life are free.

dungbeetle

  • Guest
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #4 on: July 14, 2005, 05:28:12 AM »
OK, thanks Tech.

Do you think this one will be picked up on the next AVS?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #5 on: July 14, 2005, 05:35:40 AM »
Do you think this one will be picked up on the next AVS?
I think it could take some time... Alwil team is not that fast on removing false positives...  :-\
Did you submit the file to Jotti?
The best things in life are free.

dungbeetle

  • Guest
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #6 on: July 14, 2005, 05:45:42 AM »
Tech,

I did try again after adding the exclusions like you said, but the upload is still being prohibited  :(

dungbeetle

  • Guest
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #7 on: July 14, 2005, 05:52:44 AM »
Tech,

I did try again after adding the exclusions like you said, but the upload is still being prohibited  :(

Sorry!  :o

Scratch that - I tried to send a copy from the desktop which was not listed in the exclusions ... doh!

I managed to send it OK from the programs folder and ........

Avast! is the only checker to list it as a problem.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #8 on: July 14, 2005, 06:01:14 AM »
Scratch that - I tried to send a copy from the desktop which was not listed in the exclusions ... doh!
It won't be good to keep another copy of it... You can use the avast! Chest or even download and install FreshDownload again to have it.

Avast! is the only checker to list it as a problem.
Eh... cof, cof, that's a false positive  :-[
The best things in life are free.

dungbeetle

  • Guest
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #9 on: July 14, 2005, 09:21:12 AM »
Well, since confirming the false positive and listing the file in exclusions as you suggested, so far so good - no more warnings.

Thanks for the help Tech  :)

dungbeetle

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Win32:Trojano-1736 [Trj] false positive?
« Reply #10 on: July 14, 2005, 04:43:48 PM »
You can remove it from exclusion list as it's already solved. I had the same problem, so you only had to look more carefully at this forum page!  ;D

http://forum.avast.com/index.php?topic=14992.0