False positive report

system · October 6, 2010, 10:42am

Hello,
We are the developers of a program for monitoring computer activity LanAgent. Our web site http://www.lanagent.com (http://www.lanagent.ru/)
Avast detectes one of the files of a new program version as Win32:Malware-gen. But it is not true. We upload this file at www.lanagent.com/system.zip Thank you.

Regards

Lisandro · October 6, 2010, 11:27am

Sorry for the inconvenience.
Hope the virus analysts correct is as soon as possible.

Milos · October 6, 2010, 11:30am

Hello,
thank you for notice, detection will be changed.

Milos

system · October 7, 2010, 6:34am

Thank you!

system · December 17, 2010, 8:12am

Hello,
We have again situation of false positive report with new version of our program LanAgent. Now it detectes as Win32:Rootkit-gen. We upload this file at www.lanagent.com/system.zip
Thank you.

Regards

system · December 17, 2010, 8:50am

Thank you for bringing this to our attention. Hopefully Avast will take care of this soon.

Pondus · December 17, 2010, 9:57am

VirusTotal - system.exe - 6/43
http://www.virustotal.com/file-scan/report.html?id=ed3f2850a55a8a2ee94c6b4b2c1bd4482033d98ec1037d3cd2553367e130a370-1292579653

Milos · December 17, 2010, 10:24am

Hello,
thank you for notice, detection will be changed.

Milos

system · December 19, 2010, 4:00am

I also have a similar problem. Lately I had to download and install Actual Spy Key logger because I found out that my teenager daughter was getting in forbidden activities on the internet. But now I am been blocked by Avast Shield after a recent update. It keeps blocking hk.dll and putting it into the virus chest.

Is there something wrong with this Software that I am not aware of and need to be? If not then how can I make an exception for this. I understand why it should warn me about it, just in case it was maliciously installed by someone else, but seeing that I (the administrator) deliberately executed it, then should I not be able to except it?
Oh I have also reported it as a False Positive. The original setup file was downloaded from here: http://www.actualspy.com/actualspy.exe

Thank you for your support.

igor0 · December 19, 2010, 1:58pm

Well, similar tools are not really false positives - in the sense that their detection should be removed; they’re more like PUPs.
If you want to keep the program, enter the corresponding path (of the detected file) into the list of File System Shield exclusions, and possibly also on-demand scan exclusions in program settings.

Pondus · December 19, 2010, 3:08pm

VirusTotal - actualspy.exe - 23/43
http://www.virustotal.com/file-scan/report.html?id=505b94b57ab383c5efd11759c1c2e217f0fcc41a625474a07a5214bec13b6f78-1292771173

The file is also detected by Malwarebytes as Application.ActualSpy

system · December 19, 2010, 4:07pm

Windows has reported this page as dangerous.

Pondus · December 19, 2010, 4:28pm

You mean the virustotal website ?

what warning, can you post a screenshot ?

system · December 19, 2010, 4:32pm

I tried to get it to do it again but it wont. lol. It just open this time.

Pondus · December 19, 2010, 4:34pm

do a malware check with this…

Malwarebytes Anti-Malware 1.50 http://filehippo.com/download_malwarebytes_anti_malware/
always update before you start scanning so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here

system · December 19, 2010, 4:37pm

Thanks for your support and explanation. I had to Google the “PUPs” :). I check the PC this morning and found that Avast did not see it as a Malware anymore, seems it was fix by your team. However I was not aware of the “File System Shield exclusions” options. I did try the scan exclusions but that did not work, so I am thankful for the information that you gave.

Best regards.

system · December 20, 2010, 1:27pm

Thank you!

False positive report

Announcements