False positive? Win32:Trojano-1975 [Trj]

Got a report of this on an exe that should be clean from a software develop known to me. I tried other virus scanners including (up to date) bit defender and avg and norton. They do not report any virus in the exe.

Is this a known false positive? What exactly is it looking for in the file to detect it (perhaps I can pass this information to the developer and they can see if certain bytes are in there file that would cause this report)?

Most probably it’s a false positive…
You can submit it to JOTTI and let us know the result.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.

Oh, by the way, which is the full file name of the executable?

Its a commercial program currently in an internal alpha/beta. SO no point telling you the name, as you won’t have it. And I need to be careful where I send it, as it is covered by NDA.

For sure Alwil will respect your copyrights. No need to be worried. I have submited some ‘small’ software made by myself for ‘anti-false-positive’ analysis.
Other option is add the file to the Exclusions lists of avast!
A third possibility is wait untill you can ‘share’ your software in the web and submit it for analysis :wink:

submitted to JOTTI … with these results:

File: svsv.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 ba9e49f5e177bbda1b3ea19efb77afc4
Packers detected: PEBUNDLE, PECOMPACT
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Trojano-1975
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Intereseting … the disclaimer in the JOTTI results suggests that avast is “known to generate more false positives than the average”. Is this true?

I think it is not. As far as I’ve seen, this warning applies to every AVs on Jotti when some AVs (maybe 1 or 2 scanners) detects submitted file as malware while the rest (scanners) don’t detect anything.

To fix the problem, we would certainly like to see the file. So, if you can send it to virus@avast.com, preferably in a password protected ZIP archive with a short description, we will check it.
Of course, the file will not be passed any further or used in any way.

An AVAST boot scan this morning informed that I had a file (Swishvideo.exe) that is infected with Win32:Trojano-1975[Trj].

I recently downloaded this file from the commercial site swishzone.com, which developed and markets this software. My file is a 15 day trial file.

I see by the previous post that recently another person reported a similar occurrence. Is this a false positive?

Thank you.

It can be a fp. What is JOTTI reporting?

I don’t get any detection with the current VPS (0536-2). Try to update the virus database, please.