Author Topic: WINRAR FALSE POISITIVE PUP and win32:dropper-gen  (Read 3919 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« on: February 25, 2015, 12:05:28 PM »
Another still time!
Winrar 5.21 installer downloaded from official site www.winrar.it detected from avast such as P.U.P. and win32:dropper-gen

Winrar.exe detected such as P.U.P..!!!
see: https://www.winrar.it/prelievo.php
 >:(

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #1 on: February 25, 2015, 12:10:32 PM »
Report as false positive directly via Avast GUI by following this https://www.avast.com/en-nz/faq.php?article=AVKB21#artTitle and click on "Submitting files from the Virus Chest to Avast Virus Lab" and follow the instructions.



« Last Edit: February 25, 2015, 12:15:01 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #2 on: February 25, 2015, 12:32:33 PM »
PUP is not necessarily a FP .... It just tell you that it comes bundled with some crap, very common with freeware downloads

Upload and test file at www.virustotal.com if tested before, click rescan for fresh result
Post link to scan result

REDACTED

  • Guest
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #3 on: February 25, 2015, 01:15:38 PM »
PUP is not necessarily a FP .... It just tell you that it comes bundled with some crap, very common with freeware downloads

Upload and test file at www.virustotal.com if tested before, click rescan for fresh result
Post link to scan result

Dear Pondus, winrar.it is the official partner of rarlab.com or better than "win.rar GmbH" then Alexander L. Roshal creator of Winrar.
So I know what I say.
You can see that I have not only written PUP but also  win32: dropper-gen.
So if Avast detects a false malware and slams him in his trash Avast breaking my balls.
Finally, remember that Virustotal is not the solution to all ills and that proactive and heuristics detections made by other anti-virus engines can fail in the assessment as much as Avast.
Thanks. ;) ;)

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #4 on: February 25, 2015, 01:29:24 PM »
Here I got the Metascan report on that download:
https://www.metascan-online.com/en/scanresult/file/9abae266f07b4421b8445f36dc728f88
More ground to fear a FP.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2295
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #5 on: February 25, 2015, 01:34:07 PM »
Hello,
thanks for notice. FP will be fixed in next stream update.

Milos

REDACTED

  • Guest
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #6 on: February 25, 2015, 01:44:10 PM »
Hello,
thanks for notice. FP will be fixed in next stream update.

Milos

Thanks a lot.
 ;) ;) ;)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: WINRAR FALSE POISITIVE PUP and win32:dropper-gen
« Reply #7 on: February 25, 2015, 02:18:24 PM »
Quote
You can see that I have not only written PUP but also  win32: dropper-gen.
yes and i was commenting on PUP .... as you can see

Quote
Dear Pondus, winrar.it is the official partner of rarlab.com or better than "win.rar GmbH" then Alexander L. Roshal creator of Winrar.
So I know what I say.
that does not mean they dont bundel the installer with PUP ...many software vendors do

Quote
Finally, remember that Virustotal is not the solution to all ills and that proactive and heuristics detections made by other anti-virus engines can fail in the assessment as much as Avast.
Thanks
i am very aware of that, it was to check if others also said it was bundled with PUP

No PUP detection
https://www.virustotal.com/en/file/69299a7b4a88167c863ccdd41cab9aedbc6d4e6c4daa3b0d8aeda6cf2117808d/analysis/1424869799/
https://www.virustotal.com/en/file/bb6e1a7695c0bc673a4b6069558bb96689d44628b681e57a339128c5d9e6999e/analysis/1424869894/