system
1
Avast has started reporting Win32:Dropper-gen [Drp] on a file c:\hp\documentation\OPS_Shortcut.exe on my system.
I ran it through Virustotal, results are below. Only GData and Avast are reporting a problem.
https://www.virustotal.com/en/file/2f156c703e4ef1048b48f83bd2d9abdf3df23c9f8505c5ad486c7f0a51e1ec3a/analysis/1398318561/
This behavior started with a recent Avast update (4/22/14).
False Positive? How can I tell?
I’d say FP…
First Submission 2010-06-19 01:57:08 UTC ( 3 years, 10 months ago )
Last submission 2014-04-24 05:49:21 UTC ( 7 hours, 14 minutes ago )
Copyright
© 2010 Hewlett-Packard Development Company, L.P.
If you want a quick check for viruses/malware:
Go Here
Download and Run: OTL, Malwarebytes Anti-Malware & aswMBR
Attach the following log files in your next reply.
-OTL.txt
-Extras.txt
-aswMBR.txt
-Malwarebytes.txt
Eddy
3
Process : Operationing Specifications
Company : undefined company name
Part Of: Operationing Specifications
Size: 469346 Bytes
Product Version: NA
Path: c:\hp\documentation\ops_shortcut.exe
MD5: 4f97bc6cce41355f3e7b9143a2d65fe2
If that is the file, it is safe and a FP.
We have recently seen some Win32:Dropper-gen [Drp] false positives appear for compressed packer files, here INNO.
Gen meaning it is a generic find, and therefore also meaning more false positive prone.
This apparently is caused by the «runtime packed» a.k.a. «execution compression» feature of the compiler (or linker?)
A kind of similar INNO_set.up false positive issue was also flagged in June 2007.
If it is solved with a coming update, you will be certain it has been a false positive, which is rather likely i.m.o.
polonus
Milos
5
Hello,
it will be fixed in next stream update.
Milos
system
6
Avast put the file in the virus chest. Can I restore it back on my computer?
Lazer
Yes you can, right click and restore. 
Pondus
8
right click file in chest and rescan… when not detected anymore you can restore
avast! 2014: Using the Virus Chest http://www.avast.com/en-eu/faq.php?article=AVKB21#artTitle
Or right click + add to exclusions
Does not work here. I restore it and the next time I run it, it’s put back in the chest. Arg.
system
12
Did you scan it first while in the Chest as Pondus said?
system
13
Thank you, Pondus. I just got FPs on a couple of uninstall files for legitimate purchased software. I followed your instructions, and they both came back with “no virus” messages and were removed from the chest.
This definitely got my heart rate up - does it count as aerobic exercise? :o
system
14
I’ve just installed Avast and ran a boot-time scan and it’s saying doubleTwistSetup.exe contains Win32:Dropper-gen… is this an Avast false positive or not?
http://www.malwareremovalguides.info/win32dropper-gen-drp-removal-instructions/
system
15
This isn’t fixed yet (by either you, doubleTwist, or OpenCandy which owns the “dropper” software), but here is what doubleTwist said:
Henry Kwan
6:36 PM
1
Hello,
I’m sorry that you are experiencing problems with downloading and installing our application.
This detection is erroneous or a “false positive” as OpenCandy is not adware. OpenCandy is partners with some of the largest anti-virus and anti-malware companies. Here is their statement on these false positives.
http://www.opencandy.com/learn-more-about-opencandy-and-false-adware-detections/
We are working with OpenCandy and the major anti-virus companies to remove any false positive detections from their databases. In the meantime, please temporarily disable your anti-virus software to install doubleTwist.
To disable installation of any OpenCandy suggested applications, please carefully review the choices available and choose the appropriate option so that it does not install. You do not need to install any of the OpenCandy suggested applications in order to install the doubleTwist application.
http://www.doubletwist.com/help/question/how-do-i-opt-out-of-installing-the-opencandy-suggested-application/
Thanks,
Henry