I have a setup created by “Inno Setup” that has been used for some time without problems. But just now Avast is claiming “Win32 Trojan-Gen {other]” is in it. I’m virtually 100% certain that it is a false positive. The setup can be downloaded from this link http://www.box.net/shared/kfohrsi197
Can this be fixed in Avast. I’m using the free home edition. Otherwise I love AVAST!
avast! also started detecting “Win32:Trojan-gen. {Other}” on my system in a few files that I know is clean since I scanned the “infected” files with 3 other up-to-date anti-virus products and it’s only avast! that “detects” this Trojan.
Please send the false detected files to virus[at]avast[dot]com in password protected archive , and for mail subject write “False Positive” , so that alwil team can fix the false positives
Till the false positives are fixed you can add the files to the Standard Shield exclusion list, so they won’t be scanned
I would say there is a possibility it could be an FP, I think by the malware name, plus there has also been a rather large VPS update 000750-0 which might be a possibility.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
I just did both Multi engine on-line virus scans, and avast! was the only one that detected the Inno Setup installer program as a Trojan on both the scanners.
I create these Inno Setup’s often and I get the warnings even while creating the setups as well. So I sent an email to Avast with the example for them to try to fix the issue.
Thanks Everyone.
I originally posted over here: http://forum.avast.com/index.php?topic=28899.0 regarding the PhpEd 5.0 installer and then found this post. A moderator might want to go lock my other one.
As I write this, I am attempting to email the password protected inno setup installer to avast for analysis. It is 70+MB in size so I don’t know if any mail server along the way might dispose of the file simply by its size.
I’m the one who originally posted this. I sent the file to Awil and they responded with an update. Now all is well. No more false warnings. Thank You Avast!