Hello, icesword 1.20 en (english version) has been detected by avast to have Win32:Trojan-gen {Other} . I have the latest definitions of avast! and program version. Interesting enough, this file was detected in an earlier definition of avast! as having a trojan, but was then cleared in a later definition update. Now it is being detected as a trojan again. I have downloaded this version from the main site, so i doubt the file is bad.

Another interesting fact, icesword 1.22 en (the newest version of icesword) has not been detected with a trojan with the latest definitions, only the 1.20 version.

I know that u avast! guys would advise me send the file in an email to virus@avast.com , but I use yahoo email, not outlook or another type of email program like that (if i send it in an attachment with yahoo would that actually work?). Anyway, you can find the older file to download from the official site: http:// antirootkit.com/software/IceSword.htm (*i fixed this link, so polonus 1st response wont make sense to anyone)

Please let me know a response. I appreciate the work u guys do.

Hi philly12,

Just one extra space could have made the life link unclickable but still readable,

http: //antirootkit.com/software/IceSword.htm
or
http:// antirootkit.com/software/IceSword.htm

See?

polonus

oh sorry, well at least its a safe site. Anything to say about it being a false positive, and can you use yahoo email to send attachments to virus@avast.com ?

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
(yes, you can use yahoo mail as far I know). Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Other possibility is JOTTI. VirusTotal and Jotti both have file size limits 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be carefull, you should ‘exclude’ that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

okay, i did what you said and sent it in a pw protected zip to virus@avast.com, thank you. Here are the results of virustotal:

File IceSword.exe received on 01.08.2008 18:33:44 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Trojan-gen {Other}
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - BlockReason.0
Additional information
MD5: 8888d0e211aabdd9155d1d87602b6949

I downloaded IceSword 122en and runned it without problems.

yep…i said that the 1.20 en version is the infected one, not the 1.22 en version

“Another interesting fact, icesword 1.22 en (the newest version of icesword) has not been detected with a trojan with the latest definitions, only the 1.20 version.”

Then, i think u must download the last version, IMHO.

well the point wasn’t to find a safe version…and i’m using the 1.22 version now. The point was to report a possible false positive (no matter what version) which i have done.

You’re right. Hope they correct the false positive detection.

this has been fixed. Thank you.