Author Topic: False Positive Win32:Small-IRG [Trj]  (Read 3587 times)

0 Members and 1 Guest are viewing this topic.

Offline woodybolo

  • Newbie
  • *
  • Posts: 5
False Positive Win32:Small-IRG [Trj]
« on: December 14, 2007, 12:40:31 PM »
Hello,
i'm using avast for a while now and i'm always satisfied but since yesterday avast tell me that a file (printip.exe) i use everyday since 2006 now is infected by Win32:Small-IRG [trj] it's an executable i use to print my ip in an batch file i use dozen times a day now i need to shut down avast to continue using my computer and i am 100% sure it's safe and i don't want to use another antivirus but if you cannot help me i will have no choice  ???

See the program in attachment rename printip.exe.log in printip.exe

thank you


Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: False Positive Win32:Small-IRG [Trj]
« Reply #1 on: December 14, 2007, 12:53:59 PM »
1) no live links to samples here!!
2) you don't need to stop avast, the only thing what you have to do is to open Standard shield settings and add the file to its exclusion list..
3) almost all AV's at virtotal marked the file as Small trojan, we must analyze it further..

Offline woodybolo

  • Newbie
  • *
  • Posts: 5
Re: False Positive Win32:Small-IRG [Trj]
« Reply #2 on: December 14, 2007, 01:12:09 PM »
Thank you for your quick answer and sorry for the direct link  ;D

i try what you say this way :


i  put printip.exe on the list
but i still have the warning it's verry annoying for me.

May be i need to restart the computer for the exclusion list? :-[

thank you again

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: False Positive Win32:Small-IRG [Trj]
« Reply #3 on: December 14, 2007, 01:51:41 PM »
ook, add the file also to the global exclusion list under program settings -> exclusions (accessible after right clicking the "a" icon)..

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re: False Positive Win32:Small-IRG [Trj]
« Reply #4 on: December 14, 2007, 03:30:54 PM »
You have to include the path into the exclusion, or the corresponding mask (e.g. *\printip.exe)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: False Positive Win32:Small-IRG [Trj]
« Reply #5 on: December 14, 2007, 09:16:26 PM »
May be i need to restart the computer for the exclusion list? :-[
Igor, can you answer this, for sure?
The best things in life are free.

Offline woodybolo

  • Newbie
  • *
  • Posts: 5
Re: False Positive Win32:Small-IRG [Trj]
« Reply #6 on: December 15, 2007, 02:32:23 AM »
 :D
Thank you it works  ;) but if i want to copy my printip.exe program i need to turn off the protection that's not a big issue for me ;D.

This programs is used as a reconnector for usb modems to let you know your ip so you can disconnect your internet connection until you have another ip number if your internet provider gives you a dynamic ip with a batch file just like this:
Code: [Select]
For /F %%i in ('printip') Do @Set IP=%%i
C:\WINDOWS\system32\rasdial.exe /disconnect
C:\WINDOWS\system32\rasdial.exe "Provider" "login" "password"
for /F %%j in ('printip') Do @set IPNEW=%%j
if %IP% == %IPNEW% GOTO AGAIN

it is used to access time limited internet services based on your ip so it's more rapid when you share something   8)
 

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84922
  • No support PMs thanks
Re: False Positive Win32:Small-IRG [Trj]
« Reply #7 on: December 15, 2007, 02:41:55 AM »
If the exclusions 'work' (e.g. no alerts when you run printip.exe) you leave them in place and you don't need to turn off the protection.

So are you still getting alerts when you run printip.exe ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline woodybolo

  • Newbie
  • *
  • Posts: 5
Re: False Positive Win32:Small-IRG [Trj]
« Reply #8 on: December 15, 2007, 02:56:43 AM »
No thank you  :)

but if i try to copy it or to rename it yes

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84922
  • No support PMs thanks
Re: False Positive Win32:Small-IRG [Trj]
« Reply #9 on: December 15, 2007, 03:51:51 AM »
Then you would need to add those to the exclusions lists.

If you do regularly copy or rename it then I would suggest you have it/them in a folder specifically for them and exclude the folder. You could also keep the file name consistent e.g. printipnnnn.exe where nnnn is a numeric value or xxx where xxx is an alphabetic value.

So you could have c:\PrintIp\printip*.exe this wildcard would exclude all printip(something).exe files. This is better than having c:\PrintIp\*.* which would exclude all files in the PrintIp folder, this could leave a hole in security so it is best to try and restrict the wildcard use.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security