Author Topic: False positive  (Read 2572 times)

REDACTED

  • Guest
False positive
« on: September 12, 2017, 05:04:29 PM »
Greetings, I am a programmer and I am currently writing my version of a game; however, Avast and the VirusTotal scan detected the game launcher as malicious. I would like you to help me report the false positive and investigate my executable, since it does not alter information or take user input. I don't know how or where to report it.

Scan: https://www.virustotal.com/es/file/175e394b605cc9e6676d053a9163e2db48b5ae6f8639b34c8e4f7e9cc14ad577/analysis/

Game launcher: http://www.returnoftibia.tk/Download

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False positive
« Reply #1 on: September 12, 2017, 05:05:42 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: False positive
« Reply #2 on: September 12, 2017, 05:08:45 PM »
Looking at the behavior, the application still needs a lot of work.

REDACTED

  • Guest
Re: False positive
« Reply #3 on: September 12, 2017, 05:12:27 PM »
Looking at the behavior, the application still needs a lot of work.
It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False positive
« Reply #4 on: September 12, 2017, 05:13:36 PM »
It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.
See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: False positive
« Reply #5 on: September 12, 2017, 05:15:12 PM »
It is not detected as a virus, but as a Trojan.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False positive
« Reply #6 on: September 12, 2017, 05:16:47 PM »
It is not detected as a virus, but as a Trojan.
Yep, and I somehow doubt that this is a FP, but the guys at VL have to decide it.

REDACTED

  • Guest
Re: False positive
« Reply #7 on: September 12, 2017, 05:22:05 PM »
It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.
See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
Thanks, I already did the file report, and it should be simple, in fact I did not protect or obfuscate the code, so anyone can decompile it and verify its behavior. I just encrypted some variants. I could send the .NET project to avast if required.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False positive
« Reply #8 on: September 12, 2017, 05:24:43 PM »
As you reported it, wait for an answer from the VL guys.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: False positive
« Reply #9 on: September 12, 2017, 05:25:46 PM »
If the people from avast need/want more info, they will contact you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False positive
« Reply #10 on: September 12, 2017, 05:26:14 PM »
Then you have to consider that every IDS alerts a so-called tk_domain....
IP blacklisted
Google   Google Diagnostic Page
My WOT   WOT Score Card
hpHosts   hpHosts listing
MalwareDomainList   MDL listing
Re: https://urlquery.net/queue/75feedf9-6fa2-40ae-927c-9699b8a6a057

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: False positive
« Reply #11 on: September 12, 2017, 05:29:12 PM »
A friend who installed the game yesterday, told me that his avast notified him that my executable would be analyzed in the laboratory, and within a few hours they said it was inoffensive.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False positive
« Reply #12 on: September 12, 2017, 05:49:51 PM »
As said, wait for an answer from the VL guys.

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 113
Re: False positive
« Reply #13 on: September 12, 2017, 07:51:35 PM »
Clean status has been set.