False positives of 0524-0 VPS

I’ve sent three (or more) files about the Trojan-Gen signatures, false alarms, I’ll be happy to have my AutoIt executables (scripts) files back :cry:
Pavel, you always say you’ve tested a lot the signatures.
It won’t harm have AutoIt (http://www.autoitscript.com/) and test some scripts for your own, for instance:

URLDownloadToFile ( "http://files.avast.com/iavs4pro/vpsupd.exe", "C:\avast\vpsupd.exe" )

It will be detected as a downloader Trojan! :stuck_out_tongue:

Another false positive:
Scanning of selected files: Action was completed successfully!
Virus has been detected!
File Name: fgiebar.dll
FileID: 154
Virus Description: Win32:Adan-062 [Adw]
A FlashGet dll, not infected :-\

Yes, I’m getting false positives on AutoIt scripts. When I recompile them with the latest version of AutoIt they are OK (i.e. not identified as a trojan by Avast).

I’m also getting a positive on “C:\WINXP\system32\auto_update_uninstall.exe” as Win32:Adware-gen. [Adw]. According to my Google results this is associated with PeopleOnPage, Inc. but I do not seem to have any of the other files that http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_POPBAR.A (for example) lists and it is not running as a process in my system. Is it a false positive?

I doubt that this EXE has anything to do with system32 folder(except confusing users from not deleting it). If it’s legit it should be in Program files. So i pretty much doubt about being a false positive…

There really is a problem with AutoIt files - it should be fixed any minute.

I’ll test and let you know…

Well, some of them are clean into 0524-1 but others not.
I’ll try again in the afternoon. ::slight_smile:

Oops, there are still some AutoIt file detected with 0524-1?

Virus has been detected!
File Name: fgiebar.dll
FileID: 154
Virus Description: Win32:Adan-062 [Adw]

Virus has been detected!
File Name: Cript.exe (AutoIt)
FileID: 173
Virus Description: Win32:Trojan-gen. {UPX!}

Virus has been detected!
File Name: Decript.exe (AutoIt)
FileID: 174
Virus Description: Win32:Trojan-gen. {UPX!}

Virus has been detected!
File Name: RegEditPE.exe
FileID: 172
Virus Description: Win32:Trojan-gen. {UPX!}

Virus has been detected!
File Name: AutoIt.exe
FileID: 168
Virus Description: Win32:Trojan-gen. {UPX!}

Virus has been detected!
File Name: WhatIsUp.exe
FileID: 169
Virus Description: Win32:Trojan-gen. {UPX!}

a lot of others…

Can you send me the files, please?
Thanks.

I’ll do it later… some of them I have to change the internal code 8)