Hello！

We are a security software provider in china,and we have an anti-trojan product,

Recently many users told us AVAST 4.7 Pro has false posistives on our software,

you can download it from http://www.lofocus.com/BTSetup2008.exe ,Please check it carefully,Our product is

not the virus which detected “Win32:Delf-EZM [trj],Win32:WOW-IT [trj]” by AVAST,

we hope you can resolve this false posistives as fast as you can,thanks…

BTW,I sent email to support@avast.com and virus@avast.com four days agoto report this false posistives,but still no response today.

Hmmm… Dr. Web also reports this d/l as infected… ???

have you locked or encrypted your signature files?

Nod 32 thought it was ok if thats any compensation

Your files indeed seem to contain uncrypted virus samples. In that case, we can’t do anything about it - please scramble your virus database properly.

[It’s possible that they are actually XORred by something - but if even the original malware file was XORred, you get the pure plaintext by using this “encryption”; so, something a bit stronger is needed.]

Our signature files are encrypted with our special algorithms,Notice:AVAST detected our virus database infected by trojan,

but our virus database are not PE format files,so it can not do anything harmful in user systems.

This fps is definitely made by avast,and our product’s signature files definitely aren’t malicious programs,

so i think this mistake should be fixed by avast,I sent mail to avast to virus@avast.com and support@avast.com again

but still has any response.

I just want to know anyone in avast can resolve this mistake,we are very depressed for avast’s services now.

I know that the files are not PE files - but they still contain plaintext samples of malicious files.
I don’t know what “special algorithm” you mean, but the pieces detected by avast! don’t seem encrypted at all to me.

Seems the same (or similar) as Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

Unfortunatelly, a well-known problem of Panda not encrypting its signatures

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).