Author Topic: False Positive Win32:Trojan-gen {Other} (Read 3687 times)

maniac2003 · « **on:** April 26, 2008, 07:52:00 PM »

I encounter what I believe is a fp, I get:
Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Evolution Tools\evoOptions.exe" file.

This file belongs to a program which is used for a Nintendo DS flashcard, this exe is part of a program to get cheats for NDS games. Please tell me what to do and I will provide the necessary info/files.

Thanks in advance,

DavidR · « **Reply #1 on:** April 26, 2008, 08:41:21 PM »

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

maniac2003 · « **Reply #2 on:** April 26, 2008, 10:15:10 PM »

12 of the 32 AV's detect something, I sent it in for futher investigation.

Antivirus      Versie    Laatst geüpdatet    Resultaat
AhnLab-V3   2008.4.25.2   2008.04.25   -
AntiVir     7.8.0.10   2008.04.25   HEUR/Crypted
Authentium   4.93.8   2008.04.26   -
Avast   4.8.1169.0   2008.04.26   Win32:Trojan-gen {Other}
AVG   7.5.0.516   2008.04.26   -
BitDefender   7.2   2008.04.26   Trojan.Packed.2636
CAT-QuickHeal   9.50   2008.04.26   (Suspicious) - DNAScan
ClamAV   0.92.1   2008.04.26   -
DrWeb   4.44.0.09170   2008.04.26   -
eSafe   7.0.15.0   2008.04.21   Suspicious File
eTrust-Vet   31.3.5736   2008.04.26   -
Ewido   4.0   2008.04.26   -
F-Prot   4.4.2.54   2008.04.26   -
F-Secure   6.70.13260.0   2008.04.26   -
FileAdvisor   1   2008.04.26   Low threat detected
Fortinet   3.14.0.0   2008.04.26   -
Ikarus   T3.1.1.26.0   2008.04.26   Backdoor.Win32.Rbot
Kaspersky   7.0.0.125   2008.04.26   -
McAfee   5282   2008.04.25   -
Microsoft   1.3408   2008.04.22   -
NOD32v2   3057   2008.04.26   -
Norman   5.80.02   2008.04.25   -
Panda   9.0.0.4   2008.04.26   Suspicious file
Prevx1   V2   2008.04.26   Generic.Malware
Rising   20.41.52.00   2008.04.26   -
Sophos   4.28.0   2008.04.26   -
Sunbelt   3.0.1056.0   2008.04.17   Trojan.Packed
Symantec   10   2008.04.26   Trojan Horse
TheHacker   6.2.92.294   2008.04.26   -
VBA32   3.12.6.5   2008.04.26   -
VirusBuster   4.3.26:9   2008.04.26   -
Webwasher-Gateway   6.6.2   2008.04.26   Heuristic.Crypted

DavidR · « **Reply #3 on:** April 26, 2008, 10:31:34 PM »

It is still jury out and does require further analysis as many of those detections are using heuristics which could be more prone to FP. The avast detection is using a generic detection designed to pick up multiple variants so could also fall into this category.

Some other are probably detecting because of the way it is packed.

misak · « **Reply #4 on:** April 28, 2008, 01:58:37 PM »

False positive alert has been fixed in last VPS update.

maniac2003 · « **Reply #5 on:** April 28, 2008, 02:36:26 PM »

Thanks for the fix.

Author Topic: False Positive Win32:Trojan-gen {Other} (Read 3687 times)

maniac2003

False Positive Win32:Trojan-gen {Other}

DavidR

Re: False Positive Win32:Trojan-gen {Other}

maniac2003

Re: False Positive Win32:Trojan-gen {Other}

DavidR

Re: False Positive Win32:Trojan-gen {Other}

misak

Re: False Positive Win32:Trojan-gen {Other}

maniac2003

Re: False Positive Win32:Trojan-gen {Other}