Is this a false positive?

[DMarkS]

Hello, just registered today. I use HughesNet for my internet. There is a program called hnFAPMon a guy wrote who frequents the DSLReports forums which helps us satellite users monitor our internet usage so we don't go over what is called the FAP (Fair Access Policy), which throttles back our connection speed if we use too much. Many of us use the program.

The people who use avast! have been having virus warnings pertaining to the .exe files for the hnFAPMon program since the 01/01/2008 database update for avast. Others, who use different virus detection programs have not had any issues.

Here is what avast reports:

File name: C:\Program Files\hnFAPMon\hnFAPMonService.exe

Malware name: Win32: Trojan-gen {VC}

Malware type: Virus/Worm

VPS version: 080101-0, 01/01/2008

Link to the discussion on DSLReports forums, you'll see the topic under my usernamehttp://www.dslreports.com/forum/sat

Here's a link to the hnFAPMon download: http://sourceforge.net/projects/hnfapmon/

[bmillham]

I'm the developer of hnFAPMon. I just did some testing to try and find what's going on here.

hnFAPMon is written in perl. When I distribute it, I use Perl2Exe to create an exe of the perl script. It appears that the latest virus definition is catching any app created with Perl2Exe as Win32:Trojan-gen{VC}

To test, I created a simple one line perl script:

print "Hello World\n";

and created an exe with Perl2Exe. Avast is detecting the newly created exe as Win32:Trojan-gen{VC}

I'm in the process of running a full scan on my system just to make sure that I don't have a problem that I didn't know about. However, the version of hnFAPMon that people have seen this problem with has been out for several month, so I'd guess that the latest Virus Database (080101-0 01/01/08) is the cause.

[Lisandro]

Most probably a false positive... can you send a sample to virus (at) avast.com for analysis?
Thanks for helping improving detection and welcome to the family.

[bmillham]

I'll send a copy of the test file that I just created.

I've been a very happy Avast users for years. It's the best 

[Lisandro]

I've been a very happy Avast users for years. It's the best 

It's good to listen a programmer to do so... I'm not a programmer and I do respect them... I can't go that further on my knowledge

[bmillham]

I've sent the file in question. Thanks for the help!

[klox]

Thank you for doing this: I'm the main developper of PeerTV (http://www.peertv.fr),  a webTV client in french, and I'm recieving sooo much emails from users complaining about that issue.

Our app is using Perl2exe free edition to become standalone, and suddenly, since the 1st of january, Avast considers it contains Win32:Trojan-gen{VC}...whereas the exe hasn't change since more than a month.

I hope they will fix this quickly, because it's really causing trouble in terms of trust with our users...I also sent an email to avast regarding this.

[CharleyGarrett]

I've got this same thing....nothing has changed except the virus definitions. 

So, for a temporary work around, I disable avast! on-access protection, use the hnFAPmon control panel to start the service, and then after it's running, then I reactivate the on-access protection.

The thing about the work around is that I have to repeat the procedure after every reboot.

Do we have to just wait for avast to make some sort of an upgrade or fix?  Is there a way to list an exception?

[Lisandro]

So, for a temporary work around, I disable avast! on-access protection, use the hnFAPmon control panel to start the service, and then after it's running, then I reactivate the on-access protection.

You can use the exclusion list of Standard Shield for that. No need to disable all the antivirus protection.

The thing about the work around is that I have to repeat the procedure after every reboot.

So... the exclusion list is for that.