Author Topic: Win32:Trojan-gen {Other} warning when building setup.exe in visual studio 2005  (Read 6472 times)

0 Members and 1 Guest are viewing this topic.

Offline czeshirecat

  • Newbie
  • *
  • Posts: 2
Hi, I'm a developer trying to build a setup project in visual studio 2005 on my desktop. I am receiving warnings while VS builds the setup.exe file.
I also received the same warning this morning on my laptop for uninst.exe on a bittorrent installation sat on my c:\program files\bittorrent subdirectory.
(I only have Avast set up for on access scanning, tho I am currently running a full scan of the laptop. So I'm wondering why it picked up on the uninst.exe.)
I sent setup.exe to a colleague who scanned it with another anti-virus product and he's receiving a clean bill of health on the file.
At the moment I'm wondering if I'm getting false positives, I've no idea what went out in todays Avast updates (26th June 2008). Anyone else suffering the same?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84558
  • No support PMs thanks
Confirm that it is an FP by further scanning.

- Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11786
    • AVAST Software
Is the problem still present with the latest VPS?
If yes, please send us a sample.
Thanks.

Offline xujun99663311

  • Newbie
  • *
  • Posts: 1
i have met homologous problem,other anti-virus scanned of a clean bill
« Reply #3 on: June 26, 2008, 08:12:07 PM »
 i am so confused,you know ,avast is famous here in China, but now .....i could say ..
 i need your reply
 thank you

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11786
    • AVAST Software
You didn't post any question.

Offline czeshirecat

  • Newbie
  • *
  • Posts: 2
Thanks for your reply :)

I renamed the file (setup.exe) to something else and uploaded it to virustotal.
Out of the 33 tests, only 2 were positive. Avast reported Win32:Trojan-gen {Other} and GData reported Win32:Trojan-gen
It's still reporting as a virus this morning (and every time I build the project).
I've emailed the file to Avast for testing.
« Last Edit: June 27, 2008, 10:10:42 AM by czeshirecat »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11786
    • AVAST Software
Yes, it certainly looks like a false positive; to fix it, however, we need the sample file.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67259
we need the sample file.
Send an email to virus@avast.com and in the message body, write down a link to this thread.
The best things in life are free.

Offline phunction

  • Newbie
  • *
  • Posts: 2
I am having the exact same problem. This just started with a recent update from Avast. It obviously now thinks the windows setup file is a trojan.
And why can't I override the stupid scanner? Yay, it thinks it found a virus, why can't I choose ignore instead of it telling me my only choice is to delete or repair?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67259
I am having the exact same problem. This just started with a recent update from Avast. It obviously now thinks the windows setup file is a trojan.
And why can't I override the stupid scanner? Yay, it thinks it found a virus, why can't I choose ignore instead of it telling me my only choice is to delete or repair?
Well, the antivirus can take some false positives from time to time. Not a software is perfect. But this does not make it stupid. It's doing it's job.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

Offline phunction

  • Newbie
  • *
  • Posts: 2
I was hoping that this was resolved with the op.
I meant stupid in that it doesn't let me make a choice of what I want to do with a file, it wants to decide for me like I am an idiot. There should be an option to allow me to make my own choice in what to do.
I am pretty sure older version of the software allowed me a better choice, but I may be wrong.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84558
  • No support PMs thanks
I meant stupid in that it doesn't let me make a choice
For sure this must be there. Only the Professional version has automated (no user interaction) actions.

You are misreading the quoted text, e.g. 'it doesn't let me make a choice' not that the OP would like the choice to be automatic.

Also the only choice given is Ignore or Delete, which would indicate that this is part of the anti-rootkit scan either at boot (8 minutes after) or as part of the on-demand scan. Sine the rootkit scan uses a different process and also employs a heuristic style the choices given are restricted.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security