Avast Home edition 4.8 False positive detection

Started by galassva, October 22, 2008, 08:53:56 PM

galassva

Hi all,
this topic is only to inform you that while installing MASM/WINASM I was notified of a couple of infected files:
PROCMAP.exe
ENUMWIN.exe
...

I removed the installation, turned off AVAST antivirus, and installed everything.

Next step was the AVAST site for an online check. The file result was still infected (Win32:Trojan-gen {Other}).

Next, the Kaspersky site. The result was CLEAN.

Last, on Jotti's; the summary is below:

Scan taken on 22 Oct 2008 20:47:11 (GMT) 
A-Squared  Found Trojan.Crypt.XPACK!IK 
AntiVir  Found TR/Crypt.XPACK.Gen 
ArcaVir  Found nothing
Avast  Found Win32:Trojan-gen {Other} 
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
G DATA  Found nothing
Ikarus  Found Trojan.Crypt.XPACK 
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

I hope it is a false positive.  :bg

Last action: excluded the MASM & WINASM directory from the AVAST scan.

Ciao
Valentino

hutch--

Thanks for the feedback, the source is available for ENUMWIN in the masm32 sdk and PROCMAP is a very simple application written in a basic compiler with no source code problems either. Sad to say not all AV products are created equal and with the number of false positives from the junky ones, it's risky to use stuff that takes shortcuts like this as they may miss serious problems and leave your machine infected.

Anything that reports GEN or DROPPER or similar has defective heuristic scanning that cannot deal with either very small files or installations that write SFX applications to disk during the installation. If you must use AV stuff, use the classy reliable products but if you are experienced enough setting up computers you can firewall the box so nothing gets in that you don't want and you NEVER download or install anything that you don't know its full contents. Also keep a backup with a disk imaging program like Norton Ghost or Acronis of your most current setup as this cannot be beaten by any virus/trojan.

The second option frees your machine from the risks of both virus writers and AV vendors, in some cases being the same.
Download site for MASM32: https://masm32.com
New MASM Forum: https://masm32.com/board/index.php
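
As an added illustration (not part of the thread or any poster's code), this Python example parses the Jotti summary from the first post and checks whether every detection carries a generic, heuristic or packer-style label of the kind hutch-- mentions ("GEN", "DROPPER"). The marker set `GENERIC` is an assumption chosen for this example, not a vendor taxonomy.

```python
import re

# Scan summary copied from the first post (Jotti, 22 Oct 2008).
SUMMARY = """\
A-Squared  Found Trojan.Crypt.XPACK!IK
AntiVir  Found TR/Crypt.XPACK.Gen
ArcaVir  Found nothing
Avast  Found Win32:Trojan-gen {Other}
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
G DATA  Found nothing
Ikarus  Found Trojan.Crypt.XPACK
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
"""
# Assumed markers of generic/heuristic/packer labels (not an official list).
GENERIC = {"gen", "generic", "heur", "dropper", "crypt", "xpack", "packed"}
LINE = re.compile(r"^(.+?)\s+Found\s+(.+?)\s*$")

def parse(summary):
    """Map engine name -> label, or None when the engine found nothing."""
    out = {}
    for line in summary.splitlines():
        m = LINE.match(line)
        if m:
            out[m.group(1)] = None if m.group(2) == "nothing" else m.group(2)
    return out

def is_generic(label):
    """True if any token of the label is a generic/heuristic marker."""
    return any(t in GENERIC for t in re.split(r"[^a-z0-9]+", label.lower()))

def triage(summary):
    results = parse(summary)
    hits = {e: l for e, l in results.items() if l}
    generic = sorted(e for e, l in hits.items() if is_generic(l))
    return {"engines": len(results), "detections": len(hits),
            "generic_engines": generic,
            "generic_only": bool(hits) and len(generic) == len(hits)}
```

`triage(SUMMARY)` only sorts the labels; a generic-only result is a reason to submit the file to the vendor or rebuild it from source (ENUMWIN's source ships in the masm32 SDK), not proof that the file is clean.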

galassva

Thanks Hutch for your suggestion.

I have a router with a hardware firewall (I've uninstalled ZoneAlarm, I don't like it so much) and Acronis Image.

Just a question, can you give a name for a freeware AV useful for MASM?

Tks a lot

Valentino

hutch--

Valentino,

Make sure your hardware firewall is set up and running, it even defeats holes in the operating system. I personally use a freeware firewall called Ghostwall as it can be set up to do what I want on top of a hardware version. Remove any automatic AV scanning as it slows your machine down while it scans everything that runs. If you must keep AV scanners, make sure they only run when you want them to manually. Same with Spyware detection.

Try and get an email scanner that checks what has arrived on the email server before you download it, you then just scan the list and if it's spam, not for you or has an attachment that you don't know what it is, delete it without it ever being downloaded onto your machine. Remove any services you don't need, if you are not running your box as an FTP server, disable it and anything else like it as this reduces the surface area that you can be attacked through.

If you set your machine up like this so you are fully in control of it AND you exercise the appropriate discipline in what you download onto your machine, you are free of the virus merry go round where virus writers and AV vendors compete with each other on your machine.

When you make the Acronis backup, make sure it's a clean installation that has what you want on it and archive it at least on another partition so that if something happens, you can restore your machine in about 5 minutes, not days and endless hassles.

cquaj

An update on Avast...

I did a download of MASM32 on 28th Nov with the 'Win32: Trojan-gen {Other}' issue.

Today I downloaded MASM32 (and installed) with Avast running (no exclusions) without any problems.
Seems like they've fixed the problem.

Virus database is VPS 081227-0

Cheers...

hutch--

Thanks for the info, note that the masm32 version 10 SDK has not changed and it still has all of its original files so it appears they have fixed something to avoid the false positives from the earlier version.