false positive

system · 2017-05-31T10:55:51.000Z

Dear Sir/Madam!

We are small software development company from Russia, and we have developed a small chromium-based browser.
But some of our testers told us, that our program is already blacklisted in your Avast antivirus system.
You can find the program here: http://phoenixbrowser.com
Download link: http://phoenix.brouzeka.ru/installer/get.php

We will be very glad to solve this problem if it’s possible. If there is something wrong with our program - just tell us and we will fix it.
And if it’s just false positive - please check it and fix it.

Thank you!

Best regards,
Alex Ivanov,
Senior developer,
Adamant-Soft Russia.

Eddy · 2017-05-31T11:06:01.000Z

https://www.virustotal.com/en/file/3b95597ab95e3c189350e69fa026d02011ffeadea08bd44909d6ca183632e83e/analysis/1496228589/

jirik · 2017-05-31T12:48:55.000Z

hello,
thanks for your question, I have review the problem. I get a sample from hxxp://phoenix.brouzeka.ru/installer/get.php and it has been signed by digital signature “AO Adamant-Soft” (issuer: “COMODO RSA Code Signing CA”). We register many malware samples signed with the same signature (e.g. https://www.virustotal.com/en/file/c77badd4f3c8902471888fb3e61b78bff3014a3276fd75fa1c89972b22338119/analysis/ , https://www.virustotal.com/en/file/6f8b3c6bf85bef3427480ec86168eb64fc42bbf0a6a142c193ac30713c0e750f/analysis/ …). That is the reason, why the sample is detected.

If the certificate was misused or stolen, you should stop using compromised certificate, revoke it and request your certification authority for a new certificate.

Announcements