Author Topic: Avast is False Detecting an iWin file that prevents download  (Read 10189 times)


david_gamer

  • Guest
Avast is False Detecting an iWin file that prevents download
« on: August 18, 2008, 10:00:04 PM »
Hello,

When I try to download any game from iWin.com, Avast pops up a big warning and prevents the download - but Symantec and McAfee allow it on my other machines.

The Avast message is

Adware Was Found
filename: http://dl.iwin.com/games/v2/1736765502542321936/1737081773154888594/13/0/jewel-quest-iiiSetup.exe?ACDCMD=PF/1736765502542321936/1737081773154888594/13/0\$INSTDIR\iWinGamesHookIE.dll

Malware name: Win32:AdMedia-J [Adw]
VPS Version: 080818-0. 08/18/2008

How can I allow this download to take place?

I have entered http://www.iwin.com/ and http://dl.iwin.com in the Exceptions

Thanks,

David



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast is False Detecting an iWin file that prevents download
« Reply #1 on: August 18, 2008, 10:13:19 PM »
Thanks for reporting the false positive.
Can you send a sample to virus (at) avast (dot) com for analysis?
Generally they correct the false positives very soon.
The best things in life are free.

david_gamer

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #2 on: August 18, 2008, 10:20:36 PM »
Hi Tech,

I did send a ticket in to Avast through the website on Friday and the ticket was closed with no comment visible to me. I re-opened the ticket and sent in the same message that I shared on this forum.

I'm not sure if it was a file or url that was the issue as the error message did not give a file name like I expected. The file name may be: iWinGamesHookIE.dll

Which is commonly seen as generic adware but not flagged as malicious.

I ran that file through the VirusTotal site and it passed on some software and failed with others.

The Avast version that site has is very old. It showed:
Avast   4.8.1195.0   2008.08.18   Win32:AdMedia-J

I will send the file in the ticket I have open with Avast.

Thanks for the help.

David

david_gamer

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #3 on: August 18, 2008, 10:28:27 PM »
Hi Tech,

I sent the file: iWinGamesHookIE.dll
to virus@avast.com

Thanks,

David

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast is False Detecting an iWin file that prevents download
« Reply #4 on: August 18, 2008, 11:19:15 PM »
Thanks to you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Avast is False Detecting an iWin file that prevents download
« Reply #5 on: August 18, 2008, 11:46:20 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Avast is False Detecting an iWin file that prevents download
« Reply #6 on: August 19, 2008, 12:13:16 AM »
Hi Tech,

I sent the file: iWinGamesHookIE.dll
to virus@avast.com

The virustotal scan is pretty conclusive, this is adware.
http://www.virustotal.com/analisis/4dc96d622117a059d5dca1d933cbfb23

With 25/36 detections, most reporting it as adware and some scanners detecting something a little more sinister.

This is why you should always confirm the detections.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast is False Detecting an iWin file that prevents download
« Reply #7 on: August 19, 2008, 12:23:16 AM »
Thanks for reporting the false positive.
Oops, I need to be more careful. I think David is correct...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Avast is False Detecting an iWin file that prevents download
« Reply #8 on: August 19, 2008, 12:33:29 AM »
<snip>
I ran that file through the VirusTotal site and it passed on some software and failed with others.

The Avast version that site has is very old. It showed:
Avast   4.8.1195.0   2008.08.18   Win32:AdMedia-J
<snip>

The actual version of avast isn't critical (in this case); the critical part is the date under Version, as this is the virus signature date and that is today's date.

Jtaylor83

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #9 on: August 19, 2008, 01:53:34 AM »
I think it's the BHO it may be detecting.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Avast is False Detecting an iWin file that prevents download
« Reply #10 on: August 19, 2008, 02:41:41 AM »
It isn't the BHO it is detecting, it is the file you are uploading, not a BHO (registry string), to VT; I uploaded the iWinGamesHookIE.dll file. VT hasn't got a clue how the file might be called.

wyrmrider

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #11 on: August 19, 2008, 05:47:09 AM »
OP What now?

david_gamer

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #12 on: August 19, 2008, 07:56:04 PM »
Hi Tech,

Thanks for the tip on how to send this in to Avast support!

I received this note from Avast today:

Hello David,

Please accept our apologies for our false alarm message. Our virus specialists have been working on the problem and our virus definitions have now been updated. 

Please therefore update your virus database, which should prevent any recurrence of this problem.

Best Regards,


david_gamer

  • Guest
Re: Avast is False Detecting an iWin file that prevents download
« Reply #13 on: August 19, 2008, 07:58:57 PM »
Hi DavidR,

I do use the VirusTotal website - thanks.

David

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: Avast is False Detecting an iWin file that prevents download
« Reply #14 on: August 19, 2008, 08:16:34 PM »
You are honoured to receive a direct reply. Two down (as GData uses two scanners, one of them being avast), only 23 other detections of the original 25 from VT to correct ;D

I have to say I have never seen a detection with so many VT hits being confirmed as a false positive.