Author Topic: Uninstaller False Positives???  (Read 3477 times)

0 Members and 1 Guest are viewing this topic.

Allochthonous

  • Guest
Uninstaller False Positives???
« on: December 31, 2006, 05:38:30 PM »
My latest scan detected that the following files contained the Win32:Agent-DZT [Trj] virus:

C:\Program Files\EA GAMES\Freedom Fighters\EReg\Freedom Fighters_uninst.exe
Win32:Agent-DZT [Trj]

C:\Program Files\Maxis\SimCity 4\Support\SimCity 4_uninst.exe
Win32:Agent-DZT [Trj]

C:\WINDOWS\uneng.exe (Roxio)

All of which are uninstallers. These files also test hot straight from the CD's and are also hot on my friend's computer (including the uninstaller for various other EA games.

VirusTotal does not find anything on any of these files. AVG Free 7.5 does not find anything on the CD's.

I have tried to Zip these files using 7-Zip and Windows so i can send them to Avast support and to move them to another computer to scan with AVG, but i keep getting an access denied error. I even tried to scan over my network, but it didn't seem to work either.  Is Avast blocking these actions?


VPS:0666-0, 12/30/2006

PK


« Last Edit: December 31, 2006, 05:43:57 PM by Allochthonous »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Uninstaller False Positives???
« Reply #1 on: December 31, 2006, 05:59:10 PM »
Seems false positives.
Please send the files is a password protected zip to virus@avast.com
Please, mention in the body of the message they're false positives and the password used. Thanks.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be carefull, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.
The best things in life are free.

Allochthonous

  • Guest
Re: Uninstaller False Positives???
« Reply #2 on: December 31, 2006, 06:41:29 PM »
I did not send the files to the chest. I just left them where they were, as I am pretty sure they are false. Should I scan them all again and let Avast move them into the chest?

Will this workaround allow me to Zip the files?  Am I unable to zip them due to Avast On Access scanning?


PK

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Uninstaller False Positives???
« Reply #3 on: December 31, 2006, 07:17:13 PM »
If you are 100% sure they are false positives, add them to the on access exclusions. Also you should add them to the on demand exclution list too. This list can be found in user interface when you are setting up a scan.

Once added to the on access exclution, you can zip them for sending.

Really no reason to send them to the chest, other than they will all be in an easy place to locate so you can check them from time to time to see if they are still being detected.

If you do sent them to the chest, remember to retore them. A copy will remain in the chest for testing purposes.

Allochthonous

  • Guest
Re: Uninstaller False Positives???
« Reply #4 on: January 01, 2007, 12:13:26 AM »
OK, i just went ahead and completely disabled On Access Scanning just long enough to zip the files and password protect them to send to virus@avast.com.

I was also able to then move those zipped files over to my AVG 7.5 machine and scan them. Nothing was found, of course.

Then I rescanned the original files on the Avast machine and moved the files into the chest so i could get to them for future testing more easily. I do not plan on removing any of the related programs any time soon, so I won't be needing them.

Sound good?

PK

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Uninstaller False Positives???
« Reply #5 on: January 01, 2007, 12:18:40 AM »
Just as long as you remember they are there  ;) . Just keep checking them so you will know when they have been added to avast.

Allochthonous

  • Guest
Re: Uninstaller False Positives???
« Reply #6 on: January 01, 2007, 02:25:48 PM »
Reply from the good folks at Avast:

"Hello,
thanks for your email. This false alarm was repaired by VPS update 0666-01
Regards Cernik"
 


PK

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Uninstaller False Positives???
« Reply #7 on: January 01, 2007, 03:01:28 PM »
"Hello, thanks for your email. This false alarm was repaired by VPS update 0666-01
Regards Cernik"
Thanks for posting the solution...  ;)
The best things in life are free.