Author Topic: false +ve about Trojano?  (Read 2622 times)

0 Members and 1 Guest are viewing this topic.

kenr

  • Guest
false +ve about Trojano?
« on: June 09, 2004, 02:25:46 PM »
G'day folks,
Firstly - thanks for an excellent product.
Second - My avast! 4 seems to be reporting a long installed file as infected when another product, Grisoft AVG, reports it as clean.

Virus name:     Win32:Trojano-140 [Trj]
File name:       c:\Program Files\TMR\updater.exe
VPS version:    0424-1, 08/06/2004
Build:             Apr2004 (4.1.396)

The file involved is the updater part of Phatsoft's TMR (a reminder program, http://www.phatsoft.net).  It has been installed since November 03.

I've also scanned it with CWShredder and SwatIt.  They didn't report problems.  How do I prove/disprove this as a false positive?

Regards
Ken

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:false +ve about Trojano?
« Reply #1 on: June 09, 2004, 02:30:34 PM »
I recommend that you send the sample with some description to virus@asw.cz. Its most probably a FP,but Alwil analysts will check it anyway to be sure :)
Visit my webpage Angry Sheep Blog

kenr

  • Guest
Re:false +ve about Trojano?
« Reply #2 on: June 10, 2004, 02:58:15 AM »
After this morning's VPS update to 0424-2 the problem's gone away.

Thanks guys

Regards
Ken