False virus detection : Supercopier

Hi,
I would like to inform you that, since its last update, avast detects a false virus (and erases it, or denies access to it) in the installation directory of the “Supercopier” software.
This is the “apihooks.dll” file, that Supercopier needs in order to function properly.

If you don’t know this software, it is a (French, I think) freeware that replaces the standard copying function of Windows NT-2K-XP.
I installed it (so it’s not a virus), like many people, because I consider the standard copying function of Windows to be less than satisfying. Now, with avast seeing it as a virus (trojan), I cannot use it anymore, which I find somewhat annoying.

I found a solution, though, but not everyone is capable of doing it.

I simply put the address of this DLL in the avast “ignore list”, but I think this is not the proper way to do things. This dll is not a virus and should not be considered so.

If you would consider making a hotfix to correct that, it would be nice of you.

Don’t get me wrong, your software is very good, but it is typically the little details that can very fast become very annoying.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus@avast.com.
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

This is a false positive because: you report it as a trojan because it takes control of one function in Windows shell. But this is INTENDED! The soft replaces the “copy” function in Windows. It is NOT a malware. I’m ABSOLUTELY positive. Here is the URL of the editor’s website: http://supercopier.sfxteam.org/

I send you a zip of the install directory.

VIRUSTOTAL REPORT:

File ApiHooks.dll received on 2008.06.09 20:43:16 (CET)
Current status: finished
Result: 1/32 (3.12%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - Trojan.Exploit.Debploit.F
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 023ecc1c384a199b86f345027217991d
SHA1: 0371c91f895ce5e929f72ce88fc967efdde9cb5c
SHA256: 1545f253ca48fa78270f5a6fdf792d65cfbf10b34292c26c2af67651761b0cd3
SHA512: f89ce99b1099f6c97a6e0be20495d174fd49a4b4060b3f307b1116a31c015373b734145c37f888be1442d1779bab285bc74826c13d649676cdeacdaa92a1fee2

This is the problem with what would be deemed tools, they can be used for good or evil, something that it is difficult for an AV to determine. As you have sent the file for analysing, hopefully it will be resolved or perhaps the suffix [Tool] placed after the Trojan name, etc.

Though there are other copier applications that don’t seem to have a problem.

If you are happy that there is no issue you can exclude the file from on-access and on-demand scans.

Add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions

Restore it to its original location (if you sent it to the chest), periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

The FP was fixed already, afaik… do you have the latest VPS version?