False Positive on Website's Link Download

Hi there,

There’s a site at: http://dime.lo4d.net/ that uses a donation method of ‘dimes’. Basically, you purchase 10 ‘dimes’ via PayPal for $1 and each time you download from the site it takes one dime away. A neat donation variant. Anyway, when I try to download the program, Swanky Paint, at the URL: http://dime.lo4d.net/dl/swpaint?download=swankypaint.v15.376.exe avast!'s infection window appears and tells me the page is blocked due to ‘Drep’. I suspect because of the paywall (and because the site is quite small-scale) not enough users have accessed it and so it’s automatically flagged. Once I’d temporarily disabled avast! and downloaded the file I scanned it, and as suspected avast! had no problem with the exe installer.

Is there any way for this to be marked as a false positive, or will it be impossible because the file can’t actually be downloaded without having already purchased these virtual ‘dimes’?

You can report it here: https://support.avast.com > avast virus lab

Hello,
DomainRep is a feature of Avast which blocks PE (.exe, .dll, …) file downloads if all of these conditions are met:

  1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
  2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) PE files from the domain yet,
  3. The file is not signed or Avast does not trust the signature.

Once one of these conditions is no longer valid, Avast will stop flagging the download.

Milos
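
Of the three conditions listed above, only the third can be inspected locally on the file itself. The following is an added example, not part of the original thread and not Avast's code: it checks whether a PE file carries an embedded Authenticode signature by reading the certificate-table data directory. It does not validate the signature or tell you whether Avast trusts it; `embedded_signature` and `constructed_pe` are hypothetical names and the sample header is constructed.

```python
import struct

SECURITY_DIR = 4  # index of the certificate table in the PE data directories

def embedded_signature(data: bytes):
    """Return (file_offset, size) of the Authenticode blob, or None if absent."""
    try:
        if data[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        opt = pe_off + 24                                  # PE signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]        # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= SECURITY_DIR:
            return None
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError):
        return None                                        # truncated or not a PE
    # For this one directory the address field is a raw file offset, not an RVA.
    if offset == 0 or size == 0 or offset + size > len(data):
        return None
    return offset, size

def constructed_pe(signed: bool) -> bytes:
    """Build a minimal PE32+ header (constructed sample, not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                   # 112 + 16 directories * 8
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    blob = b""
    if signed:
        blob = b"\0" * 16                                  # stand-in for the PKCS#7 data
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR,
                         64 + 4 + 20 + 240, len(blob))     # blob follows the headers
    return dos + b"PE\0\0" + coff + bytes(opt) + blob

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, embedded_signature(constructed_pe(signed)))
```

A `None` result means the file has no embedded signature, so condition 3 holds for it and only prevalence of the file or the domain can lift the block.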

Thanks. I submitted the link/file anyway.

I could easily see those three criteria not being met (any of them). This is why I think it was flagged, as opposed to any actual suspicious activity.