False Positive for Click-N-Type add-ons and Language Packs.

Here at Lake Software, we’ve been distributing software for disabled people, including the Click-N-Type Virtual keyboard, free of charge, since around 2002. The software has many add-ons and language packs. See http://CNT.Lakefolks.com . Back around 2004 we wrote a VB6 program called AOinstall.exe that is included in every one of our self extracting add-on packages.

The night before last, avast decided to identify this, and thus all of our add-on packages, as a Win32.Evo-gen [susp] virus. We are getting continuous complaints about distributing Malware. I have been submitting our add-ons, Language Packs, and AOinstall.exe itself, as False Positives through 3 update cycles now, with no change. How do I get their attention? They’re ruining our reputation.

So, it is not even two days ago you reported it as a possible false positive.
Have patience.
You are not the only one asking the people from avast to have a look at things.

https://www.virustotal.com/en/file/2904b7dc0a42285c41f6e7e0a9f65199875cfa45402268e10005607a2de016c4/analysis/1420900426/

Yeah. That’s another thing that confused me. When I give VirusTotal the actual file avast is griping about, no-one including avast finds anything.
https://www.virustotal.com/en/file/1f509d59ea21650b139f69ffd047692ef250542d0653efc1e1ae9e502b94f585/analysis/

Explained many times in here: Win32.Evo-gen [susp] = suspicious … an on-access detection only and will not show in any scan

WS.reputation by symantec

Behavior WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Yup. Don’t get me started on Norton Ransomware. We just have to live with them. That’s another thing that forced me to invent the http://cnt.lakefolks.com/contact.htm page. They wouldn’t allow me to reply to inquiries unless I paid to use their SMTP servers instead of DNSMadeEasy with a perfectly valid SPF record. We don’t have thousands of users. We only have about 700 to 800 disabled people, around the globe, in some 48 languages, who couldn’t access a computer before. Symantec doesn’t consider that popular enough, hence WS.reputation, I guess.

Anyway, that wasn’t the question. I wondered why Avast chose to pull the AOinstall.exe file out of all my self extracting add-on installers, while nothing showed up in VirusTotal. I think you’ve answered that, although I wish they’d stop it soon. Thanks. :slight_smile:

Solved. Great! :slight_smile:

Can someone explain how that’s possible when my Definitions are still showing 150111-1? The same update that still reported the false positive this morning?

how many stream updates have you got ;)

OK. I guess I need an education. I looked at the GUI interface, on this XP box this morning. It said 150111-1 but I attempted a manual update anyway. It was up to date. I tried downloading the False Positive file and Avast got upset. I opened the GUI again tonight and it still said 150111-1. A manual update reported that was still the latest. I downloaded the False Positive file and Avast correctly didn’t gripe about anything. Does that 150111-1 version mean anything? What’s with Stream{?} updates? Invisible?

you get stream updates every 3-15 minutes when connected
amount of stream updates received should be visible on the gui where update settings are

read at the bottom of this blog
https://blog.avast.com/2013/09/16/seeking-perfection/#more-18228

Well yes, although I thought the default was every 4 hours. Still the Definitions version showed 150111-1 for the entire day yesterday. I’m referring to the GUI shown in the attachment from this morning. Should I be looking elsewhere, or is it not visible? I didn’t notice the “Release Date” or anything else.

Anyway it’s working. :slight_smile:

see attached pic

http://www.makeuseof.com/tag/stay-protected-every-type-malware-avast-free-antivirus/

To see the vps updates… right click on the avast desktop icon>click “open file location”>double click “defs”.
To create a desktop shortcut for the vps updates…right click “defs”>click create shortcut.

Very informative. :slight_smile: So it can’t be found in the GUI and I’m not as dense as I thought. Thanks!

You’re welcome. :slight_smile: