Do I have a false positive Trojan (Win32:Trojano-1975[Trj]) detection

Several days ago I posted a query with respect to a report from my avast software that it detected the presence of a Trojan (Win32:Trojano-1975[Trj]) on my system.

Link to post is below.

http://forum.avast.com/index.php?topic=15799.0

I also sent a copy of the suspect file to virus@avast three days ago. I note that my query in the thread specified above has not been answered, nor have I received a response from my email.

Perhaps I should have started a separate thread but since a thread already existed dealing with the same trojan, I thought I could join it as I had the same query as the original poster.

I respectfully ask again, is this detection a false positive?

Your query has not been answered? I downloaded the mentioned file, scanned it - but didn’t get any virus detection. So, I recommended you to update to the latest version of virus database as it seemed that your VPS is not up-to-date.
Since there was no reply to that, I assumed the problem is already fixed…

Tanker,

After you posted in that thread I asked you a question which you never have answered.
As Igor said, no malware is found in that file and it is likely you are using an old VPS.
Current version is 536-5

My apologies gentlemen. I saw the posts you refer to but thought that they were meant for the other person. I knew that I had used the current database.

Thank you for coming back so quickly on this one.

As I indicated above, my virus database is up to date. After reading your posts a moment ago, I did a file scan on the suspect file again and it is still detected as a trojan. I took a screenshot which you can see at the following link. (I am not sure that I can post an image here.) Please note the identification of the database number as 536-5.

http://seniorsline.com/50plus/valert.jpg

There is one possibility for the discrepancy between your tests and mine.

After I downloaded the setup file, I executed it and I had to get a code from their site to open it for the 15 day trial period. This procedure would probably cause changes in the executable file.

I scanned the original downloaded set up file and it does not trigger the alarm. I suspect that this is what you have done.

I sent a copy of the executable file to the avast lab. Presumably you can check with them to see whether they have tested it yet and the results they obtained.

Thank you.

I scanned the suspect file this morning after my PC had updated to database 0538-6. The scan no longer reports the file to be a Trojan.

My conclusion is that the initial report was a false positive.

I provide advice to my fellow seniors about computer security issues. Up to now I have recommended your product above all others. I am now reassessing this because:
- although the likelihood of false positives cannot be completely eliminated, they do represent a special problem for users who are PC-unsophisticated because they may cause unnecessary alarm and panic
- accordingly, your response regarding false positive queries should be timely and complete.

Yours was neither. You took too long to fix it, you did not acknowledge my assistance in the matter with a reply, nor have you answered my question (was it a false positive?).

All programs, all, could have false positives. Almost every antivirus and antispyware have problems from time to time.
What can the unsophisticated users do? Follow the recommendation: send files to Chest for further analysis.

We’re users like you. You’re using a free antivirus and you’re just blaming about speed? Lack of support? :o
Try to find a faster support in any other antivirus company… you’ll be disappointed ;D

:slight_smile: A little while ago I came across a “thread” on the forums at
landzdown.com titled “AVG FALSE POSITIVE !!! ALERT”
which has caused some damage to a knowledgeable user.
See : www.landzdown.com/index.php/board,9.0.html .

Thanks… you’ve got my idea when I’ve answered to tanker. :slight_smile:

Thank you for your reply.

I did not realize that moderators are not Avast employees. Your help is appreciated.

My comments were intended for Avast management.

At the very least, I think that anyone who sends a suspect file to Avast for analysis should get a reply with some indication of the disposition of the case.

I’m not a Moderator… I’m a user. :wink:

I agree with you. It will be good to receive an answer explaining Alwil policy on submission 8)

I’m sure that avast could set-up an autoresponder without too much difficulty on the virus @ avast . com address to acknowledge receipt of the email (I’m sure that is what some other AVs do) and explain what they do with the sample, etc.

This would be better than no response at all and wouldn’t use valuable human resources who should be validating the submission and updating the VPS as required.

However, it is nice to have human feedback but I think the priority has to be the analysis of the submission and update of the VPS as required.

Well, I agree that this particular FP took more than appropriate.
It was partly caused by the confusion about the detection - the latest files downloaded from the web page were not detected. However, the program really seems to download an updated version of the executables after registration (which I didn’t do when I tried).

Sorry about the troubles.

tanker wrote:

I provide advice to my fellow seniors about computer security issues. Up to now I have recommended your product above all others. I am now reassessing this because: - although the likelihood of false positives cannot be completely eliminated, they do represent a special problem for users who are PC-unsophisticated because they may cause unnecessary alarm and panic - accordingly, your response regarding false positive queries should be timely and complete.

Yours was neither. You took too long to fix it, you did not acknowledge my assistance in the matter with a reply, nor have you answered my question (was it a false positive?).

I can understand your concern, however just to give you a little history as far as my past experiences in regards to your post.

I’m sure you are well aware of a couple of AV programs by the name of McAfee and Norton. To make a long story short after using McAfee for about 2 years I switched to Norton because McAfee missed a virus which destroyed my Operating System (OS) and all my data files.

I suppose one way to look at my experience with McAfee is that while I never did get any “false positives” those 2 years I think maybe I would rather have put up with a “false positive” now and then and saved my OS and files.

Now to Norton, when I installed the NAV2004 (which they forced me to do as they refused to support my NAV2002 any further) I had a couple of issues with Dial-up Windows popping up at inappropriate times (always at boot up and shut down). I sent numerous emails to Norton Support which were often misconstrued and resulted in getting unrelated answers to my inquiries. In the end Support was ultimately unable to address my problem so I finally had to shut down “Auto Update” to get rid of the launch of my Dial-up Window at intermittent times and boot up. I never did get rid of the Dial-up Window launch at shut down until I finally uninstalled Norton AV altogether.

Moral of this story is while it took sometimes weeks to get a response to my emails to Norton Support they were never able to address my problems in the end.

In conclusion, certainly Avast! may have issues from time to time (just as all computer software will at times) I can say that this forum was a very big factor in making my decision to go with Avast, besides the fact that I feel that Avast is likely at least as good if not better than most AV programs on the market and actually offers a considerable latitude in choices as far as protection is concerned as compared to others. One other huge factor is the frequency with which the Virus signature DB is updated with Avast which very often is daily. This is a huge contrast to Norton who made updates available approximately every 10-14 days is perhaps the biggest reason Avast is my choice.

Glad to see that we’re useful and hoping Alwil does not forget this help we, the users, could afford to their business 8)