Author Topic: False Positive Win32:Trojano-2167[Trj]??  (Read 6204 times)

Atomic_Ed

  • Guest
False Positive Win32:Trojano-2167[Trj]??
« on: August 27, 2005, 04:15:59 PM »
Hello everyone, I am running Avast! 4.6 Pro and have recently been getting a warning that a file on my system and an area of System Restore are infected with Win32:Trojano-2167[Trj]. Now the file in question is the Acronis Disk Director Suite 9.0 application I recently purchased directly from the Acronis online store, and I have seen no ill effects with it. The filename is diskdirectorsuite9.0_d_en.exe

I have also since scanned the file with McAfee 9.0 and it does not detect anything. I tried using the online scanners, but because the file size is over 30mb it is too big for any of them I have found to scan.

Can anyone tell me if this is just a false positive? I think it is but want to make sure.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #1 on: August 27, 2005, 04:34:46 PM »
Most probably it's a false positive.
You can submit the file to Jotti and let us know the results, i.e., whether or not it is a false positive.
If you are getting a virus warning that you believe is a false positive, then, if you can, zip and password protect ('virus' will do) the suspect file and send it to virus (at) avast.com.
Give a brief outline of the problem, the fact that you believe it to be a false positive, and include the password in the body of the email. Some info on the avast version and VPS number (see About avast: right click avast icon) will also help.  ;)
The best things in life are free.

Atomic_Ed

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #2 on: August 27, 2005, 04:55:14 PM »
Thanks for the reply, but Jotti has a limit of 15mb and this file is over 30mb in size, so I could not do the scan they have there. Also, it is commercial software, so I am not sure it is legal to submit the file, as it is the installer and whole program of Acronis Disk Director 9. I am not sure what the rules are for transmitting copyrighted programs like that and want to be careful not to violate any licensing terms.

Is there any other way for me to tell for sure if it is a false positive? Thanks again for your info on this.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #3 on: August 27, 2005, 04:59:16 PM »
> Is there any other way for me to tell for sure if it is a false positive? Thanks again for your info on this.

Try online with http://www.virustotal.com/
I'm not sure if it has a limitation.

Other backup (non-resident) scanners could be installed on your computer for these occasions.
For instance, BitDefender (free), AVG (without the residents, plugins and email checker), ClamWin (without the residents), AntiVir (without the guard)...
They won't conflict with avast! if you choose NOT to install the residents.
The best things in life are free.

Atomic_Ed

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #4 on: August 27, 2005, 05:00:56 PM »
Thanks again I will try that link and post back. Also do you know if Panda TruePrevent will run with avast! ok too and also on x64 system which I am running? Sorry for all the questions but I do appreciate your help.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #5 on: August 27, 2005, 05:16:56 PM »
> Also do you know if Panda TruePrevent will run with avast! ok too

I think not, as it is a resident and will conflict.

> And also on x64 system which I am running?

Are you sure Panda works on x64 systems?
I thought only avast! was prepared for this right now  8)
The best things in life are free.

Atomic_Ed

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #6 on: August 27, 2005, 05:21:06 PM »
That was what I was asking, if it would work on x64, but I think probably not. I tried that scan link and it failed, as they have only a 10mb file size limit.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #7 on: August 27, 2005, 05:52:35 PM »
I recommend the backup (non-resident) scanners as before  8)
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11856
    • AVAST Software
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #8 on: August 28, 2005, 01:58:06 AM »
Can you please upload the file to our anonymous FTP at ftp://ftp.asw.cz/incoming ? (You won't see anything there, because the anonymous account doesn't have read & list rights.)

We'll check the file and fix the false positive. Thanks! (and sorry for the troubles)

shatadal

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #9 on: August 28, 2005, 02:24:10 AM »
I think I have the same problem. I have another program from Acronis, Acronis True Image 8.0. I just downloaded the install file from download.com and scanned it with avast. I got the following warning messages:

File Name: trueimage8.0_d_en.exe\trueimg.exe
Malware Name: Win32:Trojano-2167 [Trj]
Malware Type: Trojan Horse
VPS version: 0534-4, 26/08/2005

File Name: trueimage8.0_d_en.exe\ti_boot.exe
Malware Name: Win32:Trojano-2167 [Trj]
Malware Type: Trojan Horse
VPS version: 0534-4, 26/08/2005

This seems to be the same warning which the OP put in his post. I have uploaded the file trueimage8.0_d_en.exe to ftp.asw.cz/incoming

My system information is

Windows XP SP1
Avast version 4.6 Home edition Build Jul 2005 (4.6.691)
VPS version is given in the error messages

Thanks,
Shatadal.

Atomic_Ed

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #10 on: August 28, 2005, 11:07:26 PM »
> Can you please upload the file to our anonymous FTP at ftp://ftp.asw.cz/incoming ? (You won't see anything there, because the anonymous account doesn't have read & list rights.)
>
> We'll check the file and fix the false positive. Thanks! (and sorry for the troubles)

Thanks and I have uploaded the file to your ftp site just now.

shatadal

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #11 on: August 29, 2005, 10:24:00 PM »
I scanned the Acronis True Image installer file again this morning with the latest definitions update 0535-0 and this time I got no error messages. Thanks for the quick update to get rid of the false positives.

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11856
    • AVAST Software
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #12 on: August 29, 2005, 11:09:26 PM »
Yes, it was corrected.
Thanks for your help, and sorry for the troubles.

Atomic_Ed

  • Guest
Re: False Positive Win32:Trojano-2167[Trj]??
« Reply #13 on: August 30, 2005, 03:05:13 AM »
Thank you for so quickly addressing and fixing this!