Author Topic: 1click dvd copy false positive  (Read 4530 times)

0 Members and 1 Guest are viewing this topic.

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
1click dvd copy false positive
« on: May 22, 2010, 01:25:04 AM »
When it will fixed permanently? Each time that 1click is updated avast flagged it with w32.Vitro virus and I had to report it to Avast.
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: 1click dvd copy false positive
« Reply #1 on: May 22, 2010, 03:08:18 AM »
I can't say for sure... but Vitro is a very dangerous infection. Are you sure it's a false positive?
Can you send to www.virustotal.com and check?
The best things in life are free.

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: 1click dvd copy false positive
« Reply #2 on: May 22, 2010, 07:26:44 AM »
I can't say for sure... but Vitro is a very dangerous infection. Are you sure it's a false positive?
Can you send to www.virustotal.com and check?

Yes, only Avast and Gdata report a virus
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85384
  • No support PMs thanks
Re: 1click dvd copy false positive
« Reply #3 on: May 22, 2010, 03:32:59 PM »
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Your signature doesn't say what version of avast so I have assumed (not good) that you have 5.0.545 the latest avast version.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: 1click dvd copy false positive
« Reply #4 on: May 22, 2010, 05:04:44 PM »
it's because 1click is in each new instance packed with ACProtect/UltraProtect and the unpacked binary contains some "noise" that triggers this detection.. it is really difficult to fix such stuff permanently..

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: 1click dvd copy false positive
« Reply #5 on: May 22, 2010, 05:40:44 PM »
Thanks Maxx for throwing some light on what is happening. We appreciate the feedback.
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85384
  • No support PMs thanks
Re: 1click dvd copy false positive
« Reply #6 on: May 22, 2010, 06:08:17 PM »
it's because 1click is in each new instance packed with ACProtect/UltraProtect and the unpacked binary contains some "noise" that triggers this detection.. it is really difficult to fix such stuff permanently..

Perhaps something to add to a checking list (to maintain the latest 1click version), not a white list as such as you wouldn't want to ignore it completely. Or if it is based on the packers, perhaps other checks if it comes up Vitro.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: 1click dvd copy false positive
« Reply #7 on: May 22, 2010, 06:50:16 PM »
Vitro generates false positives very rarely, but it can happen from time to time, mostly under some "strange" packers (ASProtect, ACProtect) as they modify the file to a similar form :-\

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: 1click dvd copy false positive
« Reply #8 on: May 22, 2010, 07:02:27 PM »
It is rara that it dont happen in their PRO version
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS