Author Topic: Illegal detect useful program as trojan  (Read 3125 times)


sergerus

  • Guest
Illegal detect useful program as trojan
« on: April 14, 2008, 10:01:24 AM »
I'm using Avast Home. Today Avast alerted that c:\program files\Anvir task manager\anvir.exe is Trojan {keygen}. Also, one DLL in the System32 directory was detected as a Trojan, but this is an a4tech mouse driver. Before today everything was OK.

onlysomeone

  • Guest
Re: Illegal detect useful program as trojan
« Reply #1 on: April 14, 2008, 10:29:00 AM »
Please try to scan the files at http://www.virustotal.com

sergerus

  • Guest
Re: Illegal detect useful program as trojan
« Reply #2 on: April 14, 2008, 05:11:01 PM »
So...

1)
system32/amhooker.dll (a4tech mouse driver !) detected as Trojan - 3/32 (9.38%)
http://www.virustotal.com/ru/analisis/c35341d96b4e4d56c06f473c28c21f7a

2)
program files/AnVir Task Manager/AnVir.exe detected as Trojan - 4/32 (12.50%), but the Avast service did not detect this file as a virus.
http://www.virustotal.com/ru/analisis/35e4873865a3da74bd66657d57710b46



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88128
  • No support PMs thanks
Re: Illegal detect useful program as trojan
« Reply #3 on: April 14, 2008, 05:38:34 PM »
Your item 1: although detected by three scanners, avast's detection would appear to be on a generic signature (-gen) that attempts to catch more than one malware variant, so it could be an FP and analysis is advised.

Your item 2: three scanners have this under a sus or suspicious category, which could be heuristic detections that could be an FP. If avast detects it on your system but VT doesn't, it is likely that the VT signatures haven't been updated. The user with auto update is often at least one update ahead, as VT can't update in real time.

I would suggest that you send the samples to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic might help, and put "possible false positive" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security