IDP Generic: is this a false positive??

Viruses and worms
1

I am having a problem with a piece of software I have been using coming up with an IDP.Generic infection.

I have spoken with the developers and they are saying it is a false positive.

When I enter the file on VirusTotal it gets a lot of red flags.

Is there any way someone on here could check the file for me and tell me if it is safe?
The program is a hotkey and table organizer for online poker.
I am a professional poker player and I use the software daily and it is part of my work, so really would love to be able to keep using it.

The file is free to download from domain :
jurojinpoker.com/

Thanks in advance

2

Some additional notes:

-The app is still in early acess/beta stage and the Dev told me this is why it is returning a false positive.
-Avast did not flag it when I downloaded it or ran it for a few weeks, jsut out of the blue it popped up while I was using the program that it was infected and that I should move it to the virus chest.
-It does not get flagged when I do a full system scan with avast.

3

Please ‘modify’ your post change the URL from http to hXXp or www to wXw (or just post the domain name jurojinpoker.com), to break the link and avoid accidental exposure to suspect sites, thanks.

That said the correct place to do this is by using the - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php, which goes to the virus labs.

4

Thanks for the response.

Apologies re the link, I have edited as requested.

I have gone ahead and lodged using the false positive form.

5

You’re welcome.

6

It is not only avast that flags that installer as malicious:
https://www.virustotal.com/gui/url/9386d40c782e5077abd0bd3c054f929128468b3fdae8be773e054cba834b789a/detection

See detections on IP as well: https://www.virustotal.com/gui/ip-address/52.217.81.116/relations

Not clear here: https://www.virustotal.com/gui/domain/jurojin-prod.s3.amazonaws.com/relations

So wait for a final verdict from an avast team member.

By the way also consider this on the main website: https://retire.insecurity.today/#!/scan/6c338f0757786ab9f0f1696f24aa3835c227d79ca43517c3728e85bb7a361c6d
1 retirable jQuery library was detected.
DOM-XSS issues. Results from scanning URL: -http://jurojinpoker.com/vendor/popper.js/popper.min.js
Number of sources found: 32
Number of sinks found: 10

Abuse report - no abuse → https://apility.io/search/52.217.81.116

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

7
It is not only avast that flags that installer as malicious: https://www.virustotal.com/gui/url/9386d40c782e5077abd0bd3c054f929128468b3fdae8be773e054cba834b789a/detection
That VT link show URL blacklisting and not install file detection