False Positive in A4 Tech camera drivers.

I had camera drivers downloaded from the A4Tech homepage for a while now, and recently (I believe it was last Friday) Avast! (4.8 Home Edition) claimed there were some signs of “Win32:Trojan-gen {Other}” in executable files that are part of the driver software. I allowed Avast! to delete the files. After a full scan of my HD, I removed copies of the files from the Windows recovery, as they also had “signs” of the Trojan.

I became a bit puzzled, as I found that Avast recognized the signs of the same Trojan in my backup copy of the driver.

Then I downloaded a newer version of the driver (Direct link: http://www.a4tech.com/ennew/driver/CameraA.zip otherwise: camera driver for PK-635 model, to be downloaded from a4tech homepage, obviously). Avast yet again found signs of the same Trojan in the executables contained in the zip file.

Now… either I have some nasty rootkit here, or this is just a case of a FP. :-\

I’m using Windows XP, Avast! Home Edition + Spybot S&D + Windows internal firewall.

Any advice or help would be appreciated.

Edit: Never mind, after a recent update Avast does not show signs of the Trojan in the downloaded driver.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.