False possitive WOW ?

Hi,
Almost direct after a update from AV anti virus i got when i started World of Warcraft i got the following virus detect message: D:\1 Spellen\World of Warcraft\Scan.dll.new.
Win32:Trojan-gen {Other}
VPS versie 081028-0, 28-10-2008
I think this is a false positive.
Maybe some one can look into this.

With regards
Desmark

Same here :

 File:  	 Scan.dll
Status: 	
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 	2b86bc28a32426105b6d7b8cbc5fabc1
Packers detected: 	
PE_PATCH.UPX, UPX
Scanner results
Scan taken on 28 Oct 2008 17:42:23 (GMT)
A-Squared 	
Found nothing
AntiVir 	
Found nothing
ArcaVir 	
Found nothing
Avast 	
Found Win32:Trojan-gen {Other}
AVG Antivirus 	
Found nothing
BitDefender 	
Found nothing
ClamAV 	
Found nothing
CPsecure 	
Found nothing
Dr.Web 	
Found nothing
F-Prot Antivirus 	
Found nothing
F-Secure Anti-Virus 	
Found nothing
G DATA 	
Found nothing
Ikarus 	
Found nothing
Kaspersky Anti-Virus 	
Found nothing
NOD32 	
Found nothing
Norman Virus Control 	
Found nothing
Panda Antivirus 	
Found nothing
Sophos Antivirus 	
Found nothing
VirusBuster 	
Found nothing
VBA32 	
Found nothing

I had the same problem on 5 computers in my house. i check it with anotehr scanner (or 4) it isnt infected its a false positive by avast.

their should be a milltion people comlaining soon

Being super paranoid I could really use some confirmation if this is a false positive going on here – I certainly believe it is but like I said, paranoid…

-X

Although it is the same file name that isn’t a guarantee that it is the same file, though it is highly likely.

The one uploaded to virustotal by Kinder certainly seems so and Kinder should send a sample to avast.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

A Blizzard employee posted the correct MD5 for Blizzard’s copy of the file here: http://forums.worldofwarcraft.com/thread.html?topicId=12065147095&sid=1

2B86BC28A32426105B6D7B8CBC5FABC1

Comparing this against the file Avast! identifies as having a virus (since this morning’s database update) shows it to be the exact same file.

-X

Thanks for the update and it is also the same MD5 as the file Kinder uploaded to virustotal.

This file has not been recently added or modified, it was never identified until after Avast! received an update this morning, to help add to the context.

-X

Same detection here and I sent the file off through the virus vault to avast.

Hopefuly Avast can update so that avast av doesn’t keep screaming at me everytime I start the game.

What VPS version do you have, the latest is 081116-1 ?

The reason I ask is that avast is quite quick to correct any FP confirmed and this was reported on October 28th.