Avast 5 : Regmon detected as Win32:Trojan-gen

Hi All,

As said in the title, with Avast 5 newly installed, Regmon.exe is detected as Win32:Trojan-gen.
However, this program has not changed.
It has been on my PCs for years and was never detected as malicious before.

False positive???

Thanks for your replies.
Pulsar33

Please upload your current file on www.virustotal.com and post back the result. :wink:

Thanks for your quick answer!

Here it is:

The file has already been analysed:
MD5: 622b7afd21be17fbb84b46fa31fdcc0b
First received: 2009.10.04 12:25:31 UTC
Date 2010.02.01 00:51:10 UTC [>6D]
Results 1/41
Permalink: analisis/126c9d26d0df3c73194fffe2241005511bfe070cf69561b6103220bea2eb1ee5-1264985470

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.01.31 -
AntiVir 7.9.1.154 2010.01.31 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.01.31 -

McAfee+Artemis 5878 2010.01.31 -
McAfee-GW-Edition 6.8.5 2010.02.01 Heuristic.LooksLike.Win32.Hefi.L

Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.174 2010.02.01 -
TrendMicro 9.120.0.1004 2010.01.31 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.1.30.2164 2010.01.30 -
VirusBuster 5.0.21.0 2010.01.31 -

One detection for 41 tests and just “Looks Like” …

What do you think about that?

Regards
Pulsar33

Hi,

How can I suggest to the Avast developers that they remove this false positive?

Regards
Pulsar33

To report false positives:


You could also send the file in a password protected archive to virus(at)avast(dot)com with ‘potential false positive’ in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:

Left click avast! tray icon → ‘Maintenance’ tab → Right click and select ‘add’

Once the file is added, right click the file → ‘Submit to virus lab’

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending)


You could also add a link to this thread and some more information when you do.

That’s done!
Thanks
Pulsar33

Hello,
Thank you for sending the sample. The false positive will be fixed in the next VPS (100208-1) update.

Milos

Hi,

Thank you for such quick action! :slight_smile:

Have a good day
Pulsar33