Author Topic: Avast Detects Vista Codec Pack as a Trojan.  (Read 2548 times)

Offline Xtreme2damax

  • Newbie
  • *
  • Posts: 9
Avast Detects Vista Codec Pack as a Trojan.
« on: October 21, 2007, 11:50:50 PM »
Suddenly after the newest vdb update of Avast, a couple files in the Vista Codec Pack are being detected as Trojans.

Both the HDDVD and MPEG files in the Tools directory are detected as Win32:Regdis-C [trj] on C:\Program Files\VistaCodecPack\Tools\HDDVD.exe.

I know this is a False-Positive, since it wasn't being detected as a Trojan/Virus until the latest Avast VDB update. I hope this can be fixed soon because it pops up with a warning/detection notice every time I boot Vista up when Avast starts.

Thank You for reading and acknowledging my problem which others are having as well.

I've also uploaded a couple of attachments: screencaps of the warning/detection.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83567
  • No support PMs thanks
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #1 on: October 21, 2007, 11:59:54 PM »
The fact that it is only detected after a VPS update doesn't mean it 'is' a false positive, just that it has been detected. That is what happens with the addition of new signatures to the VPS: what might not have been detected yesterday could well be detected today. You have to confirm the detection.

Free Codecs are a common source of trojans as it is easy to package an unwanted gift.

You could also check the offending/suspect file at (and report your findings): VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently over 30 different scanners.

Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Xtreme2damax

  • Newbie
  • *
  • Posts: 9
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #2 on: October 22, 2007, 12:22:35 AM »
These are the results from scanning the file(s) on VirusTotal, will scan them again later on jotti.

Quote

AhnLab-V3   2007.10.20.0   2007.10.19   -
AntiVir   7.6.0.27   2007.10.21   -
Authentium   4.93.8   2007.10.20   -
Avast   4.7.1051.0   2007.10.21   Win32:Regdis-C
AVG   7.5.0.488   2007.10.21   -
BitDefender   7.2   2007.10.21   -
CAT-QuickHeal   9.00   2007.10.20   -
ClamAV   0.91.2   2007.10.21   -
DrWeb   4.44.0.09170   2007.10.21   -
eSafe   7.0.15.0   2007.10.21   suspicious Trojan/Worm
eTrust-Vet   31.2.5225   2007.10.20   -
Ewido   4.0   2007.10.21   -
FileAdvisor   1   2007.10.22   -
Fortinet   3.11.0.0   2007.10.19   -
F-Prot   4.3.2.48   2007.10.20   -
F-Secure   6.70.13030.0   2007.10.21   -
Ikarus   T3.1.1.12   2007.10.21   Trojan-Dropper.Win32.Delf.FZ
Kaspersky   7.0.0.125   2007.10.22   -
McAfee   5145   2007.10.19   -
Microsoft   1.2908   2007.10.21   -
NOD32v2   2604   2007.10.19   -
Norman   5.80.02   2007.10.19   -
Panda   9.0.0.4   2007.10.21   Suspicious file
Prevx1   V2   2007.10.22   -
Rising   19.45.62.00   2007.10.21   -
Sophos   4.22.0   2007.10.21   -
Sunbelt   2.2.907.0   2007.10.20   -
Symantec   10   2007.10.21   -
TheHacker   6.2.9.103   2007.10.21   -
VBA32   3.12.2.4   2007.10.19   -
VirusBuster   4.3.26:9   2007.10.21   -
Webwasher-Gateway   6.6.1   2007.10.21   -
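
Added example, not part of any post in this thread: a small Python triage of a pasted multi-engine result table in the four-column layout above, separating named detections from generic "suspicious" verdicts and flagging clean results that come from older signature sets. The sample rows are copied from the table above; the `GENERIC` keyword list and the function names are assumptions made for illustration.

```python
import re

# Rows copied from the result table in the post above: engine, engine version,
# signature date (YYYY.MM.DD), verdict ("-" means nothing detected).
SAMPLE = """\
AVG   7.5.0.488   2007.10.21   -
Avast   4.7.1051.0   2007.10.21   Win32:Regdis-C
eSafe   7.0.15.0   2007.10.21   suspicious Trojan/Worm
Ikarus   T3.1.1.12   2007.10.21   Trojan-Dropper.Win32.Delf.FZ
Kaspersky   7.0.0.125   2007.10.22   -
McAfee   5145   2007.10.19   -
Panda   9.0.0.4   2007.10.21   Suspicious file
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")
# Assumption: verdicts containing these words are heuristic/generic, not a named signature.
GENERIC = re.compile(r"suspicious|heur|generic", re.IGNORECASE)


def parse_results(text):
    """Return one dict per well-formed row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(dict(zip(("engine", "version", "sig_date", "verdict"), m.groups())))
    return rows


def triage(rows):
    """Split engines into named / generic / clean and flag weak 'clean' results."""
    hits = [r for r in rows if r["verdict"] != "-"]
    generic = [r for r in hits if GENERIC.search(r["verdict"])]
    named = [r for r in hits if not GENERIC.search(r["verdict"])]
    clean = [r for r in rows if r["verdict"] == "-"]
    # A clean verdict from signatures older than every named detection says little:
    # that engine may simply not have received a comparable update yet.
    # YYYY.MM.DD strings sort chronologically, so plain string comparison works.
    first_named = min((r["sig_date"] for r in named), default=None)
    older = [r for r in clean if first_named and r["sig_date"] < first_named]
    names = lambda rs: [r["engine"] for r in rs]
    return {"named": names(named), "generic": names(generic),
            "clean": names(clean), "clean_but_older_sigs": names(older)}


if __name__ == "__main__":
    for key, engines in triage(parse_results(SAMPLE)).items():
        print(f"{key:22} {len(engines):2}  {', '.join(engines)}")
```

The tally only organises the evidence; whether the file is a false positive still has to be confirmed by submitting the sample to the vendor.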


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83567
  • No support PMs thanks
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #3 on: October 22, 2007, 01:10:39 AM »
With two, only reported as suspicious, which could mean some form of heuristics that could be wrong and Ikarus I don't know much about (read nothing) so there is a probability that it is a false positive. You should send samples of those detected to avast and exclude the files from scans (if you accept the possible risk), in the false positive link above.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #4 on: October 22, 2007, 03:03:45 AM »
The setup of Vista Codec Pack 4.5.2 Beta 1 is not detected by avast as being infected.
I think this is a false positive...
The best things in life are free.

Offline Xtreme2damax

  • Newbie
  • *
  • Posts: 9
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #5 on: October 22, 2007, 05:47:58 AM »
Well, thanks for your feedback. I'll try uploading those files to the other online virus scanning website you linked to and post the results. However, I won't be able to do that until tomorrow since my satellite internet is running slow due to exceeding the Fair Access Policy bandwidth threshold, so it would take me forever to get them uploaded, scanned and post the results. I can just barely browse the web right now. :P

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83567
  • No support PMs thanks
Re: Avast Detects Vista Codec Pack as a Trojan.
« Reply #6 on: October 22, 2007, 02:03:46 PM »
If they are very large, there is a 10MB file size limit at VT and Jotti so you may not be able to upload them for scanning.