FP on every one of my installs

Every setup program I have on my site pcwintech.com is being flagged as a generic virus. I didn’t have this problem 2 days ago, now my avast is saying every file is infected.

All of my setups are made with Setup Factory 7 and 8. I have had this happen with avast before, and I can’t have my users who download my program flipping out. It’s not just avast flagging these from time to time; I wonder if I need to start looking for a different installer program. But avast wasn’t flagging these until the Sept. 23rd virus defs.

Thanks

Send the sample/s to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic might help, and put possible false positive in the subject.

I don’t know if you have checked them against virustotal (as you say that avast isn’t the only scanner detecting them) that has 36 different scanners.

VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Here are the results of my cleanmem setup:

http://www.virustotal.com/analisis/8afcacec5e154a61ed1fc43c3f348519

The one by AntiVir was already submitted by a user and they verified it’s a FP and will update their defs soon.

Oh, and the avast one they use is 2008.09.20, which seems right as I didn’t get these FPs until avast updated to 2008.09.23.

This is happening on all my setups on my site.

Antivirus          Version         Last Update  Result
AhnLab-V3          2008.9.19.2     2008.09.19   -
AntiVir            7.8.1.34        2008.09.21   TR/Crypt.ULPM.Gen
Authentium         5.1.0.4         2008.09.21   -
Avast              4.8.1195.0      2008.09.20   -
BitDefender        7.2             2008.09.21   -
CAT-QuickHeal      9.50            2008.09.20   -
ClamAV             0.93.1          2008.09.21   -
DrWeb              4.44.0.09170    2008.09.21   -
eSafe              7.0.17.0        2008.09.21   -
eTrust-Vet         31.6.6096       2008.09.20   -
Ewido              4.0             2008.09.21   -
F-Prot             4.4.4.56        2008.09.21   -
F-Secure           8.0.14332.0     2008.09.21   -
Fortinet           3.113.0.0       2008.09.21   -
GData              19              2008.09.21   -
Ikarus             T3.1.1.34.0     2008.09.21   -
K7AntiVirus        7.10.466        2008.09.20   -
Kaspersky          7.0.0.125       2008.09.21   -
McAfee             5388            2008.09.19   -
Microsoft          1.3903          2008.09.21   -
NOD32v2            3458            2008.09.21   -
Norman             5.80.02         2008.09.19   -
Panda              9.0.0.4         2008.09.21   -
PCTools            4.4.2.0         2008.09.21   -
Prevx1             V2              2008.09.21   -
Rising             20.62.62.00     2008.09.21   -
Sophos             4.33.0          2008.09.21   Sus/UnkPacker
Sunbelt            3.1.1653.1      2008.09.20   -
Symantec           10              2008.09.21   -
TheHacker          6.3.0.9.090     2008.09.20   -
TrendMicro         8.700.0.1004    2008.09.20   -
VBA32              3.12.8.5        2008.09.20   -
ViRobot            2008.9.20.1385  2008.09.20   -
VirusBuster        4.5.11.0        2008.09.21   -
Webwasher-Gateway  6.6.2           2008.09.21   -

Thanks.

Well I only have a dial-up connection and I’m actually trying to download cleanmem right now 1.2MB so far (of 1.7) and no alert, yet.

I just viewed the Setup Factory forums and I’m not the only one getting hit with false alarms. A lot of users of Setup Factory are.

Here is what I put on my website:

News:
09-24-2008
After getting so many false alarms about my setups having viruses, I’m getting tired of it. On my setups I use Setup Factory and I’m not the only one getting flagged; a lot of users who use Setup Factory are getting false alarms.
The false alarms make me look bad and I’m tired of having to ask users to upload the files so they can see they’re not viruses. So from this point on I will be searching for a new setup program to create my installs.

Once I find one that does a good job I will be redoing all my installs.

So I think instead its time for me to find a new installer program.

Setup Factory 7 doesn’t get false alarms but Setup Factory 8 does, a lot. I know in v8 they use a new compression algorithm, but Setup Factory is putting all the blame on the antiviruses and I find that hard to believe when other setups out there don’t have the problem.

http://www.indigorose.com/forums/showthread.php?t=24611

Thanks for your time!

Whilst it isn’t detected by avast on VT, the other two detections are heuristic (sus) and Generic (.gen), both of which are more prone to FP, so based on those detections I would say send the samples to avast for analysis and correction.

It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

My download almost completed before alerting.

So as you say it is possible that something in the setup factory software’s compression is seen as suspicious. I don’t know if Alwil can get hold of the program (I’m just an avast user) and see if they can identify what it is in the compression alg that is triggering the generic alert.

Thanks for your time, I will submit the file to avast.

But I still think unless Setup Factory puts out a fix to change whatever it is that is being flagged in their setups, I might be better off finding a new installer.

Take care.

You’re welcome.

There has just been a VPS update and I checked the file that was detected and it is no longer detected, so you might want to test your files again.

Every setup is no longer getting false alarms, outstanding.

Thanks.

You’re welcome, fast work by the virus labs team ;D