« previous next »
Pages: [1]   Go Down

Author Topic: Viruslike codes  (Read 4308 times)

0 Members and 1 Guest are viewing this topic.

Sartigan

  • Guest
Viruslike codes
« on: June 09, 2009, 03:09:51 PM »
I tried the avast! Professional and in the game's hack shield (MuOnline.HU) the avast! Home Edition signs for a Trojan. But it's a viruslike code. The game needs it for the hack shield. The avast! Professional doesn't signing for it. There is no virus in the game (the admin says).
If this issue can be fixed, please do it.

Thank you
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Viruslike codes
« Reply #1 on: June 09, 2009, 03:35:55 PM »
Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
Logged
The best things in life are free.

Sartigan

  • Guest
Re: Viruslike codes
« Reply #2 on: June 09, 2009, 04:45:52 PM »
This was in the avast!'s log file:
2008.12.05. 14:04:43 SYSTEM 1712 Sign of "Win32:PolyCrypt-CRH [Trj]" has been found in "C:\játékok\MuOnline.HU_S4\wzNpgx.dll" file. Well I would not believe in the fact that this is False positive. The False Positives are registered as a Win32:Trojan-Gen [---], not as a PolyCrypt-CRH [Trj]
This is a virus?
Logged

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: Viruslike codes
« Reply #3 on: June 09, 2009, 05:04:28 PM »
Quote from: Sartigan on June 09, 2009, 04:45:52 PM
This was in the avast!'s log file:
2008.12.05. 14:04:43 SYSTEM 1712 Sign of "Win32:PolyCrypt-CRH [Trj]" has been found in "C:\játékok\MuOnline.HU_S4\wzNpgx.dll" file. Well I would not believe in the fact that this is False positive. The False Positives are registered as a Win32:Trojan-Gen [---], not as a PolyCrypt-CRH [Trj]
This is a virus?

You are wrong not all false positive are detected as Trojan-Gen. Upload the file to Virus Total.
Logged
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: Viruslike codes
« Reply #4 on: June 09, 2009, 05:11:24 PM »
It appears to be a virus, check this site

http://spywaredlls.prevx.com/RRHAIA44937528/WZNPGX.DLL.html
Logged
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Sartigan

  • Guest
This is NOT A VIRUS
« Reply #5 on: June 12, 2009, 03:33:04 PM »
I have found the "virus". The avast! has a "bug" with it's virus filter. The "infected" file is condensed. This is not a virus!! Please fix that "bug" in the avast! Home Edition. The website (what calcu007 wrote) writes the following: The Process is packed and/or encrypted using a software packing process.
Logged
Pages: [1]   Go Up
« previous next »