Another FP in Longman Dictionary

Today I updated the Avast database on a stand-alone computer and ran the boot scan. Now Avast found that the file npwthost.dll from \Longman\LASD4\plugins is adware. As far as I understand, that file is one of the plugins that helps to display pictures, videos and sounds from “Longman Active Study Dictionary” using QuickTime. I think that it is a false positive: that file was installed from an official Longman CD three years ago and Avast had kept silent about that file until today’s update.

Try checking it via VirusTotal.

What for?
http://smiles.kolobok.us/icq/pardon.gif
It had already been checked before Longman put it on its CD.

Anyway, here are the results (http://www.virustotal.com/en/analisis/4401b0a57a9dbea39c64c1b04d71f4cfa7322e4bf921f28f6be97f93c270e5b8-1250252145) and some more information on the file (http://www.processlibrary.com/directory/files/npwthost/).

It's called positive confirmation, so when you send it to avast stating you believe it is an FP you have some positive evidence (though there are lots of hits in the VT results); also send the VT results URL.

Send the sample to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic and the VT results URL might help, and put "false positive" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

I have sent the report about the false positive by e-mail.

Thanks for helping improve detection.

Thanks for the improvement in detections. Hope it gets analyzed as soon as possible.

Three days have passed. What are the results? Is the false positive confirmed?

Try scanning the file itself & see if it gets detected. From what I saw in the VT analysis, it is very probably adware.

Three years after it was installed from the official CD? It’s like you work with a man and three years later you say he is a monkey.

currently under analysis…

A lot of things may change within 3 years since you just said that it wasn’t on the CD anymore, therefore, on the Local Disk. Let’s wait for the confirmation.

Hello-
There are many programs that ID WildTangent as something that should be avoided. Do some light reading and then make your own choice, start here http://en.wikipedia.org/wiki/WildTangent. I don’t believe this is a FP but a good detection by Avast. If you want to keep it then just tell Avast to ignore it.

Just as an aside- you should have posted this in the virus and worm forum :wink:

I am too incompetent to draw a conclusion from a Wiki article.
http://smiles.kolobok.us/standart/scratch_one-s_head.gif

george funny you are :wink:
(I posted that link because it was the first one that came up when I googled “WildTangent” ;D )

max

I’ve got the response:

Hello,

and thank you for notifying us about false positive, it has been already fixed.
Best regards,

Pavel Havajik
Alwil Software, a.s.

http://smiles.kolobok.us/artists/just_cuz/JC_ThankYou.gif


Every time I read this topic Malwarebytes (MBAM) alerts on 188.120.33.58 and blocks the content:

12:31:49 Ken IP-BLOCK 188.120.33.58
12:31:49 Ken IP-BLOCK 188.120.33.58
12:31:49 Ken IP-BLOCK 188.120.33.58
12:31:49 Ken IP-BLOCK 188.120.33.58
12:31:59 Ken IP-BLOCK 188.120.33.58
12:31:59 Ken IP-BLOCK 188.120.33.58

It’s the smileys; that IP refers to kolobok.us… apparently MBAM doesn’t like it…
http://samspade.org/whois/188.120.33.58

An infected Ruskie site. ::slight_smile:

Maybe his Norton anti virus subscription ran out and he could not find a keygen to update the system :o

Sorry for the inconvenience, but I think you are wrong. You’d better check MBAM for a false positive.