system
1
Greetings, I am a programmer and I am currently writing my version of a game, however, avast, and the virustotal scan detected like malicious the game launcher. I would like you to help me report the false positive and investigate my executable, since it does not alter information or take user input. I don’t know how or where to report it.
Scan: https://www.virustotal.com/es/file/175e394b605cc9e6676d053a9163e2db48b5ae6f8639b34c8e4f7e9cc14ad577/analysis/
Game launcher: http://www.returnoftibia.tk/Download
Asyn
2
Eddy
3
Looking at the behavior, the application still needs a lot of work.
system
4
It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.
Asyn
5
See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
Eddy
6
It is not detected as a virus, but as a Trojan.
Asyn
7
Yep, and I somehow doubt that this is a FP, but the guys at VL have to decide it.
system
8
Thanks, I already did the file report, and it should be simple, in fact I did not protect or obfuscate the code, so anyone can decompile it and verify its behavior. I just encrypted some variants. I could send the .NET project to avast if required.
Asyn
9
As you reported it, wait for an answer from the VL guys.
Eddy
10
If the people from avast need/want more info, they will contact you.
polonus
11
Then you have to consider that every IDS alerts a so-called tk_domain…
IP blacklisted
Google Google Diagnostic Page
My WOT WOT Score Card
hpHosts hpHosts listing
MalwareDomainList MDL listing
Re: https://urlquery.net/queue/75feedf9-6fa2-40ae-927c-9699b8a6a057
polonus
system
12
A friend who installed the game yesterday, told me that his avast notified him that my executable would be analyzed in the laboratory, and within a few hours they said it was inoffensive.
Asyn
13
As said, wait for an answer from the VL guys.
savcin
14
Clean status has been set.
