Author Topic: Win32:Trojan-gen {Other} warning when building setup.exe in visual studio 2005  (Read 8768 times)

0 Members and 1 Guest are viewing this topic.

czeshirecat

  • Guest
Hi, I'm a developer trying to build a setup project in visual studio 2005 on my desktop. I am receiving warnings while VS builds the setup.exe file.
I also received the same warning this morning on my laptop for uninst.exe on a bittorrent installation sat on my c:\program files\bittorrent subdirectory.
(I only have Avast set up for on access scanning, tho I am currently running a full scan of the laptop. So I'm wondering why it picked up on the uninst.exe.)
I sent setup.exe to a colleague who scanned it with another anti-virus product and he's receiving a clean bill of health on the file.
At the moment I'm wondering if I'm getting false positives, I've no idea what went out in todays Avast updates (26th June 2008). Anyone else suffering the same?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89337
  • No support PMs thanks
Confirm that it is an FP by further scanning.

- Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Is the problem still present with the latest VPS?
If yes, please send us a sample.
Thanks.

xujun99663311

  • Guest
i have met homologous problem,other anti-virus scanned of a clean bill
« Reply #3 on: June 26, 2008, 08:12:07 PM »
 i am so confused,you know ,avast is famous here in China, but now .....i could say ..
 i need your reply
 thank you

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
You didn't post any question.

czeshirecat

  • Guest
Thanks for your reply :)

I renamed the file (setup.exe) to something else and uploaded it to virustotal.
Out of the 33 tests, only 2 were positive. Avast reported Win32:Trojan-gen {Other} and GData reported Win32:Trojan-gen
It's still reporting as a virus this morning (and every time I build the project).
I've emailed the file to Avast for testing.
« Last Edit: June 27, 2008, 10:10:42 AM by czeshirecat »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Yes, it certainly looks like a false positive; to fix it, however, we need the sample file.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
we need the sample file.
Send an email to virus@avast.com and in the message body, write down a link to this thread.
The best things in life are free.

phunction

  • Guest
I am having the exact same problem. This just started with a recent update from Avast. It obviously now thinks the windows setup file is a trojan.
And why can't I override the stupid scanner? Yay, it thinks it found a virus, why can't I choose ignore instead of it telling me my only choice is to delete or repair?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I am having the exact same problem. This just started with a recent update from Avast. It obviously now thinks the windows setup file is a trojan.
And why can't I override the stupid scanner? Yay, it thinks it found a virus, why can't I choose ignore instead of it telling me my only choice is to delete or repair?
Well, the antivirus can take some false positives from time to time. Not a software is perfect. But this does not make it stupid. It's doing it's job.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

phunction

  • Guest
I was hoping that this was resolved with the op.
I meant stupid in that it doesn't let me make a choice of what I want to do with a file, it wants to decide for me like I am an idiot. There should be an option to allow me to make my own choice in what to do.
I am pretty sure older version of the software allowed me a better choice, but I may be wrong.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89337
  • No support PMs thanks
I meant stupid in that it doesn't let me make a choice
For sure this must be there. Only the Professional version has automated (no user interaction) actions.

You are misreading the quoted text, e.g. 'it doesn't let me make a choice' not that the OP would like the choice to be automatic.

Also the only choice given is Ignore or Delete, which would indicate that this is part of the anti-rootkit scan either at boot (8 minutes after) or as part of the on-demand scan. Sine the rootkit scan uses a different process and also employs a heuristic style the choices given are restricted.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Alex189

  • Newbie
  • *
  • Posts: 2
Hi guys, I have a problem with AVAST claiming that my msi installer contains a trojan.

Luckily I found that the problem is in the 3rd party library, the code of which is open source and is included as it is to my assembly.
Digging dipper I have found the problematic area which performs math calculations relative to geolocation.

Here is the problematic block of code:

            double radius = GetRadius(distanceUnit);
            return Math.Round(
                    radius * 2 *
                    Math.Asin(Math.Min(1,
                                       Math.Sqrt(
                                           (Math.Pow(Math.Sin(originLatitude.DiffRadian(destinationLatitude) / 2.0), 2.0) +
                                            Math.Cos(originLatitude.ToRadian()) * Math.Cos(destinationLatitude.ToRadian()) *
                                            Math.Pow(Math.Sin((originLongitude.DiffRadian(destinationLongitude)) / 2.0),
                                                     2.0))))), decimalPlaces);


Substituting the code above with something simple as "return 10; " solves the problem which makes me think you can analize it and improve your scanning algorythm.

Here is a link to the source code on github:
https://github.com/scottschluer/geolocation/blob/master/Geolocation/GeoCalculator.cs
method GetDistance

Would be really appreciated for your reply and reaction

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89337
  • No support PMs thanks
It isn't advisable breathing life into a topic that is over 15 years old.
Quote from: Notice
Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

If this takes more than this response you should start your own new topic.

-  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Alex189

  • Newbie
  • *
  • Posts: 2
Looks like some problems were not solved since then)
Anyway, thanks for your recommendation.
I did as you suggested