Hi,
I tried to install a program called WeatherPulse (
http://www.tropicdesigns.com) on my system a few days ago, but almost immediately upon launching the installer, Avast complained about a trojan in the file 'ginstall.dll'. After going back and forth about this a few times on
their forum, I decided to see if you could shed any light on the issue.
The file 'ginstall.dll' that triggers Avast's alarm is created in the system Temp directory by their installer almost immediately upon launch, as a very early part of their extraction process. Due to Avast's alert, the installation never gets past this point.
My guess is that they're using some version of CreateInstall or SetupGenerator, both by
Gentee, since this installer is known to create a file named 'ginstall.dll' as part of its extraction process. However, an earlier version of 'ginstall.dll' (created by an installer I built myself several years ago using SetupGenerator) does not trigger Avast's alert.
I believe the company, Tropic Designs, are probably legitimate and are not trying to install anything malicious; however, this doesn't rule out their being victimized themselves.
Another user is reporting that other anti-virus utilities do not detect anything dangerous, but over the last year or so I've really come to trust Avast. Though I suspect this alert is a false positive (matches a virus signature but is not actually a virus), I am not certain enough to disable Avast in order to continue the installation.
You can download the entire installer (v1.55 or v1.55.9 beta - both trigger the same alert) directly from
Tropic Designs or, if you prefer, I have a copy of the "infected" ginstall.dll file that I'll be happy to send to you by whatever means you like (it's roughly 55KB). Between us, hopefully we can determine once and for all whether this is a trojan or a false positive.
Thanks in advance,
-- Jeff