Every setup program I have on my site pcwintech.com is being flagged as a generic virus. I didn’t have this problem 2 days ago, now my avast is saying every file is infected.
All of my setups are made withe setup factory 7 and 8. I have had this happen with avast before, and I cant have my user who download my program flipping out. Its not just avast flagging these from time to time, I wonder if I need to start looking for a different installer program. But avast wasn’t flagging these until the sept. 23rd virus def.s
Send the sample/s to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.
I don’t know if you have checked them against virustotal (as you say that avast isn’t the only scanner detecting them) that has 36 different scanners.
VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
I just viewed setup factory forums and im not the only one getting hit with fals alarms. A lot of users of setup factory are.
here is what I put on my website
News:
09-24-2008
After getting so many false alarms about my setups having virus im getting tired of it. On my setups I use setup factory and im not the only one getting flagged, a lot of user who use setup factory are getting false alarms.
The false alarms make me look bad and im tried of having to ask users to upload the files for they can see there not viruses. So from this point on I will be searching for a new setup program to create my installs.
Once I find one that does a good job I will be redoing all my installs.
So I think instead its time for me to find a new installer program.
Setup factory 7 doesnt get false alarms but setup factory 8 does, alot. I know in v8 they use a new compression alg. but setup facotry is putting all the blame on the antivriuses and I find that hard to believe when other setups out there dont have the problem.
Whilst it isn’t detected by avast on VT, but the other two detections are heuristic (sus) and Generic (.gen) both of which are more prone to FP, so based on those detections I would say send the samples to avast for analysis and correction.
It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.
My download almost completed before alerting.
So as you say it is possible that something in the setup factory software’s compression is seen as suspicious. I don’t know if Alwil can get hold of the program (I’m just an avast user) and see if they can identify what it is in the compression alg that is triggering the generic alert.
Thanks for your time, I will submit the file to avast.
But I still think unless setup factory puts out a fix to change what ever it is being flagged in their setups I might be better off finding a new installer.