A False Positive from Avast!! Help??

I would like to report a False Positive to Avast.

Today I downloaded Free Avast 7 on my laptop. Everything was fine until I discovered a False Positive. When I tried to install a program called RegInOut System Utilities Version 4, a notification appeared that Avast was analyzing a suspicious program, RegInOut, and hence it was running in the Sandbox. In a matter of seconds, the program installation failed and Avast showed another notification: “We did not find enough evidence to identify the file as malware”. It is an irritating problem since I can’t install RegInOut.

I downloaded RegInOut from its official website, i.e. http://reginout.com/. I am a paid client of this program, and I have been using it for 1 year without any complaint. It’s an Intel Software Partner, and has been tested by McAfee SecureSite.

I request Avast Research Team to remove the false positive as soon as possible.

Thank you.

This is not a false positive, as 2 AVs flag setup.exe here as adware: https://www.virustotal.com/file/17639bfa78e96ee0f1ae83e1c6375c6271774f3446a41b12285d532fc8153e11/analysis/1353326036/
See this analysis: http://anubis.iseclab.org/?action=result&task_id=1f545552c33dbf7d429292e8b14c0f550&format=html

polonus

http://zulu.zscaler.com/submission/show/5cd6c6dded212a4d21e01f26eee50c93-1353665465

Hi Asyn,

As you can see from the VT results and the Anubis analysis, this is riskware or a so-called PUP detection.
The executable namely has trojan-like backdoor qualities and that is why it was flagged by ByteHero & ESET,

polonus

Comodo now detects reginout_setup.exe as UnclassifiedMalware. https://www.virustotal.com/file/6b64c2a4aad4baa04d556089f0d5fda3f90a9f76ac9f818730b49b9ba57624af/analysis/1353671340/

Hi Simion,

Thanks for reporting and your feedback on this. The detection concerns “Microsoft\Tracing\RASAPI32 enable filetracing”, mentioned in the Anubis analysis, and this is what is triggering the generic backdoor detection i.m.o.
Read here what it does: http://support.microsoft.com/kb/161426
It enables logging with routing and remote access; with a normal application that is enough for a PUP or a riskware status.
For malcreations it will mean an additional backdoor installed inside the malcode,

polonus

Norman lab added detection for this in the PUP category… reginout_setup.exe - AntiMalwarePro.CX

Detection is added for the file under Potentially Unwanted Category. The Registry shows some problems which is not an error and we need to pay for cleaning: Up to 1 Computer $29.97, Up to 3 Computers $39.97, Up to 5 Computers $49.97 & Up to 10 Computers $99.97. The License code has however a Norton Secured seal and is present in the Intel store, http://software.intel.com/swfinder/productpage/tabid/85/language/en-us/p-4869-reginout-system-utilities.aspx and the website has the context http://www.sorcim.com/products/index.php; there needs to be a trial version to check the product before a user can decide. Thanks for Submission

ThreatExpert report
http://www.threatexpert.com/report.aspx?md5=b38ed0fe3cc0cf087bc698b2cef757e8

Good to know Avast is picking this up! It gives me more confidence that it’s working well.

Hi TweetyPie,

That is why I am scanning all these VW suspicious and malicious sites from all various online resources
to establish that avast av and the avast shields will flag all these threats and are not missing something…
And believe me, avast means business here and it is getting better all of the time.
And I have been analyzing quite some online malcode in the last 7 years, more than some can choke on (all in a secure way of course).
And where avast misses out on issues, we all here take care to report to virus AT avast dot com so detection can be added a.s.a.p.
And relax and know that polonus is not alone, he has a lot of forum friends here that also “hold avast's pulse” in this respect, so to put it that way,

polonus