Brainwave Generator 3.1 FP?

[cfb33774]

I have used Brainwave Generator 3.1 for years and this week avast says it is a Trojan.  I uninstalled it and downloaded it again from download.com and the freshly installed one still gets blocked by avast. The log says: Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Bwgen\Bwgen.exe" file.
Even Firefox 3.0.1 does a virus scan after download and did not detect it in the install file.

How can I be certain that this is a false positive?

cfb

[DavidR]

Are you sure that firefox 3.0.1 does a scan, as from my understanding it tries to use the installed AV to do the scan and for me and many others it doesn't work with avast and a number of other AVs.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

[cfb33774]

I scanned bwgen.exe at virustotal.com and only three (including avast!) of the 35 virus scanners reported it as malware or having a Trojan gen. So is it bad or not?
cfb

Are you sure that firefox 3.0.1 does a scan, as from my understanding it tries to use the installed AV to do the scan and for me and many others it doesn't work with avast and a number of other AVs.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

[DavidR]

It would appear to be an FP, though you didn't post the results (or a link to the results) so I can't say for sure.

You should certainly submit the sample as a possible false positive as outlined in the link I gave.

[cfb33774]

Here is the link to the Virus Total scan: http://www.virustotal.com/analisis/5c25d612defdecf5a5ba2a69cf786d4e
I emailed the suspect file zipped with a password to virus@avast.com.

cfb

[cfb33774]

You are right about Firefox using the installed AV to scan downloads.
http://www.mozilla.com/en-US/firefox/features/ states: "Firefox 3 integrates elegantly with your antivirus software. When you download a file, your computer’s antivirus program automatically checks it to protect you against viruses and other malware, which could otherwise attack your computer. [available in Windows only]"

The install file does not report the problem. It is only after it is installed, the executable has the suspect code in it.
cfb

[DavidR]

Here is the link to the Virus Total scan: http://www.virustotal.com/analisis/5c25d612defdecf5a5ba2a69cf786d4e
I emailed the suspect file zipped with a password to virus@avast.com.

Certainly looks like an FP, Alwil are usually very quick in correcting it once confirmed.

I think that the "Firefox 3 integrates elegantly with your antivirus software" is somewhat exaggeration/wishful thinking on their part as there a number of AVs it doesn't integrate elegantly (or otherwise) even in windows versions.