Author Topic: Avast 5 : Regmon detected as Win32:Trojan-gen  (Read 5120 times)

0 Members and 1 Guest are viewing this topic.

Pulsar33

  • Guest
Avast 5 : Regmon detected as Win32:Trojan-gen
« on: February 07, 2010, 04:07:08 PM »
Hi All,

As said in the title, with Avast 5 newly installed, Regmon.exe is detected as Win32:Trojan-gen.
However, this program has not changed.
It is on my PCs since years and was never detected as malicious before.

False Positive ???

Thanks for your replies.
Pulsar33

Mr.Agent

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #1 on: February 07, 2010, 04:12:18 PM »
Please upload your current file on www.virustotal.com and post back the result. ;)

Pulsar33

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #2 on: February 07, 2010, 04:25:03 PM »
Thanks for your quick answer !

Here is it :

Le fichier a déjà été analysé:
MD5: 622b7afd21be17fbb84b46fa31fdcc0b
First received: 2009.10.04 12:25:31 UTC
Date 2010.02.01 00:51:10 UTC [>6D]
Résultats 1/41
Permalink: analisis/126c9d26d0df3c73194fffe2241005511bfe070cf69561b6103220bea2eb1ee5-1264985470

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.01.31 -
AntiVir 7.9.1.154 2010.01.31 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.01.31 -
...
McAfee+Artemis 5878 2010.01.31 -
McAfee-GW-Edition 6.8.5 2010.02.01 Heuristic.LooksLike.Win32.Hefi.L
...
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.174 2010.02.01 -
TrendMicro 9.120.0.1004 2010.01.31 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.1.30.2164 2010.01.30 -
VirusBuster 5.0.21.0 2010.01.31 -

One detection for 41 tests and just "Looks Like" ...

What do you think about that ?

Regards
Pulsar33


Pulsar33

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #3 on: February 08, 2010, 12:23:40 AM »
Hi,

How can I suggest to Avast developpers to remove this False Positiv ?

Regards
Pulsar33

spg SCOTT

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #4 on: February 08, 2010, 12:28:27 AM »
To report false positives:



You could also send the file in a password protected archive to virus(at)avast(dot)com with 'potential false positive' in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:


Left click avast! tray icon --> 'Maintenance' tab --> Right click and select 'add'

Once the file is added, right click the file --> 'Submit to virus lab'

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending)



You could also add a link to this thread and some more information when you do.



...You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
...

Pulsar33

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #5 on: February 08, 2010, 12:57:36 AM »
That's done !
Thanks
Pulsar33

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2297
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #6 on: February 08, 2010, 08:39:14 AM »
Hello,
thank you for sending sample. False positive will be fixed in next VPS (100208-1) update.

Milos

Pulsar33

  • Guest
Re: Avast 5 : Regmon detected as Win32:Trojan-gen
« Reply #7 on: February 08, 2010, 09:05:51 AM »
Hi,

Thank you for your so quick action !  :)

Have a good day
Pulsar33