7 new F/Ps since Avast's Update on 10/14/2009. Please take a look!

Dear Avast Support,

Holdem Manager (from RVG Software) is a program used for online poker, used by many, many people. It’s a safe program. The newest Avast version released on 10/14/2009 and on is detecting 7 Holdem Manager related files. Many Holdem Manager users with Avast have gotten these detections and have since been unable to use Holdem Manager due to Avast shutting the program down upon launching it. Several other AV programs such as AVG, Avira, and Kaspersky have also detected these files. However, AVG has since fixed their detections on this about two days ago.

http://img2.imageshack.us/img2/48/fpavast.jpg

These detections (and more) have also come up with Malwarebytes Anti-Malware in the past (about 2 months ago), but have since been fixed. The thread on that can be found here: http://www.malwarebytes.org/forums/index.php?showtopic=21738

The thread on the Holdem Manager forums since people have started getting these detections can be found here: http://www.holdemmanager.net/forum/showthread.php?t=19162

I will be sending all seven of those files to you through the virus chest for you to take a look at (I will reference this thread here upon sending them). I will await your input, thanks.

Kind regards,

- Carl

We’ll have to wait for the Alwil team to correct it.

I also run this program and reported it as well. It’s been 3 definition updates and still no fix. Is that within the normal time frame for a false positive? The majority of scanners on VirusTotal and Jotti have now reported the file as malware as well. It’s not really a problem I guess, since HEM have updated their program.

I don’t really know much about this stuff, but is there a possibility that some other virus may have ‘hacked’ HEM and caused this, or is it for sure just the way that their code was written?

Could we possibly have the links?

I wonder if, as you say, the program may be infected after all.

My mistake, only Jotti is reporting over 50%. VirusTotal only has it at 41.47%.

http://virusscan.jotti.org/en/scanresult/8e3a357da774c3588747550e94477ed61f2aad1a

http://www.virustotal.com/analisis/c12fe3a7aefbddcdbd828a165e2da454e09178ec6398d3e1e70698a320cd1734-1255896092

Well, I would have said that it looks like a more genuine detection, after seeing that…

I suppose it is down to ALWIL to say yes or no on this one…

[edit]
Well, I just found this:

1.09 Beta 40 (with anti virus false alarm fix)

Whether it is a ‘FP’ or not…who knows…

Yeah, I’ve been holding off on the beta 40 release because many people have had problems getting it to work. I was hoping the FP issue would be resolved by now. I’ll probably just take my chances with the new update now.

Hi Jason67 and spg Scott,

See what this file does, according to the txt file I attached.

polonus