I am running an encryption program called Silver Key 2.01 from Inv Softwork and have just installed Avast 4.0 Pro for evaluation. On the first scan through it calls out any file that I have encrypted with Silver Key and one of the components of Silver Key as having the Win32.Trojan-gen {UPX!}. Neither Norton, Trend Micro, Adaware or Spybot detect anything wrong with these files, only Avast. Is this a false positive? If so, how can I get Avast to ignore this?
You can use the ‘Exclusion’ list of folders in the avast! settings.
I’m afraid it’s not possible to exclude just one extension but you can disable scanning files on open, create and modify (Standard Shield options).
None of this is the best solution anyway. I suggest you send some files for analysis to virus@asw.cz 8)
I received a reply from the support team at Silver Key. They use UPX to shrink the size of the executable file that they create. Avast picks up on this and labels the file as infected, as UPX is a favorite tool among hackers to shrink the size of their viruses. So in this instance it is a false positive. I have sent the problem on to the support team at Avast with file samples. Hopefully there is a way around this problem. Ideally that would be to make Avast recognize the difference between an infected file that was packed with UPX and a legitimate file that UPX was used on, or to be able to disable the checking of W32.Trojan-gen {UPX!} in the resident shield. Putting files in the exclusion list that have the UPX signature in them is not feasible as that is a lot of files and a very dynamic list.
If you use XP you can of course that lousy piece of encryption software and use XP’s built-in encryption.
Unfortunately we are using 2000 (server and ws), 2003, NT, and XP here at work so that is not a solution. I have sent tech support an email asking them how I can disable the scanning for the w32.trojan-gen {UPX!} but have received no reply since Friday. If by tomorrow I still get no reply I will have to eliminate Avast from my evaluation (which I don’t want to do) and go with Norton instead for my company. Does anyone know of a way to either stop scanning for UPX or delete the definition?
Please submit the EXE file in question to virus@avast.com and include a link to this thread in the message body.
The virus guys will take care of this false positive (if it really IS a false positive).
You will regret if you do not wait… ;D
As I read previously in this forum, the definitions could be corrected but they are not removed from the VPS file. I think they would handle it…