Receiving an alert on “Battlefield HitFixer 1.31.exe” [file downloaded from http://www.mediafire.com/?yigayixxgd0 ]. Have had this file on my PC for quite a while (in excess of 6 months) and after a recent AVAST update it starts to be identified as a Win32:Trojan-gen {other}.
The program is used to alter some settings in Battlefield 2 gameplay.
Scan taken on 13 Sep 2008 12:52:40 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Trojan.Rootkit.Agent.Ez
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.bdw
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan-Spy.Win32.Agent.bbg
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
@ Gryphen
I think because several of the detections are generic or heuristic it could well be an FP.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
If it is indeed a false positive, and it seems so, then if you accept the risk you could add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions (right click the avast ‘a’ icon)
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
When you get an alert, copy the path to the file being detected (the alert window allows you to copy the full path) and paste that into the Standard Shield exclusion.