False positive

system · 2017-09-12T15:04:29.000Z

Greetings, I am a programmer and I am currently writing my version of a game, however, avast, and the virustotal scan detected like malicious the game launcher. I would like you to help me report the false positive and investigate my executable, since it does not alter information or take user input. I don’t know how or where to report it.

Scan: https://www.virustotal.com/es/file/175e394b605cc9e6676d053a9163e2db48b5ae6f8639b34c8e4f7e9cc14ad577/analysis/

Game launcher: http://www.returnoftibia.tk/Download

Asyn · 2017-09-12T15:05:42.000Z

As you’re a developer, read here…
→ https://www.avast.com/faq.php?article=AVKB229
→ https://www.avast.com/faq.php?article=AVKB228

Eddy · 2017-09-12T15:08:45.000Z

Looking at the behavior, the application still needs a lot of work.

system · 2017-09-12T15:12:27.000Z

Eddy post:3:

Looking at the behavior, the application still needs a lot of work.

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

Asyn · 2017-09-12T15:13:36.000Z

Benítez post:4:

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Eddy · 2017-09-12T15:15:12.000Z

It is not detected as a virus, but as a Trojan.

Asyn · 2017-09-12T15:16:47.000Z

Eddy post:6:

It is not detected as a virus, but as a Trojan.

Yep, and I somehow doubt that this is a FP, but the guys at VL have to decide it.

system · 2017-09-12T15:22:05.000Z

Asyn post:5:

Benítez post:4:

It is only an autoupdater launcher for the original Tibia executable (Cipsoft), it does not have any malicious behavior and yet it detects it as a virus.

See Reply #1 and/or you can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Thanks, I already did the file report, and it should be simple, in fact I did not protect or obfuscate the code, so anyone can decompile it and verify its behavior. I just encrypted some variants. I could send the .NET project to avast if required.

Asyn · 2017-09-12T15:24:43.000Z

As you reported it, wait for an answer from the VL guys.

Eddy · 2017-09-12T15:25:46.000Z

If the people from avast need/want more info, they will contact you.

polonus · 2017-09-12T15:26:14.000Z

Then you have to consider that every IDS alerts a so-called tk_domain…
IP blacklisted
Google Google Diagnostic Page
My WOT WOT Score Card
hpHosts hpHosts listing
MalwareDomainList MDL listing
Re: https://urlquery.net/queue/75feedf9-6fa2-40ae-927c-9699b8a6a057

polonus

system · 2017-09-12T15:29:12.000Z

A friend who installed the game yesterday, told me that his avast notified him that my executable would be analyzed in the laboratory, and within a few hours they said it was inoffensive.

Asyn · 2017-09-12T15:49:51.000Z

As said, wait for an answer from the VL guys.

savcin · 2017-09-12T17:51:35.000Z

Clean status has been set.

Announcements