I’ve sent three (or more) files about the Trojan-Gen signatures, false alarms, I’ll be happy to have my AutoIt executables (scripts) files back
Pavel, you always say you’ve tested a lot the signatures.
It won’t harm have AutoIt (http://www.autoitscript.com/) and test some scripts for your own, for instance:
Another false positive:
Scanning of selected files: Action was completed successfully!
Virus has been detected!
File Name: fgiebar.dll
FileID: 154
Virus Description: Win32:Adan-062 [Adw]
A FlashGet dll, not infected :-\
Yes, I’m getting false positives on AutoIt scripts. When I recompile them with the latest version of AutoIt they are OK (i.e. not identified as a trojan by Avast).
I’m also getting a positive on “C:\WINXP\system32\auto_update_uninstall.exe” as Win32:Adware-gen. [Adw]. According to my Google results this is associated with PeopleOnPage, Inc. but I do not seem to have any of the other files that http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_POPBAR.A (for example) lists and it is not running as a process in my system. Is it a false positive?
I doubt that this EXE has anything to do with system32 folder(except confusing users from not deleting it). If it’s legit it should be in Program files. So i pretty much doubt about being a false positive…