Author Topic: False Positive or Reclassification Submission  (Read 2431 times)

Yushatak

  • Guest
False Positive or Reclassification Submission
« on: August 02, 2010, 09:59:12 PM »
The commercial software "File Joiner", intended for packing a program and its required files and modules into a single file, is detected as a Trojan-Gen - I presume Trojan Generation or Generator. While it's true that software like this could be used to bundle a trojan into an EXE, it's hardly fair to mark the software and any file that it creates as a possible Trojan. Even the demo version, which can't even create the resulting file, is identified as a Trojan-Gen.

Perhaps "unwanted, possibly malicious" or some such is a proper category for this.

(http://www.file-joiner.com/)

Ironically, it says on the program's main page that it isn't detected by Avast, among others... clearly the page hasn't been updated in a bit.

The non-malicious reason I seek to use this software is to create portable applications for use on my jump drive.
« Last Edit: August 02, 2010, 10:01:20 PM by Yushatak »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: False Positive or Reclassification Submission
« Reply #1 on: August 02, 2010, 10:50:24 PM »
Not generator - The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest, right click on the file and select 'Submit to virus lab...', then complete the form and submit; the file will be uploaded during the next update.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37546
  • Not a avast user

Yushatak

  • Guest
Re: False Positive or Reclassification Submission
« Reply #3 on: August 03, 2010, 04:37:00 PM »
Seems that somehow my copy got infected in and of itself, as VirusTotal reports a Dialer.

Quite possibly a mistake on my part, then.