My app hits as a false-positive, please help

Hello, I’m the developer for a legitimate app in the Mac AppStore called Bitcoin Ticker - To the Moon! https://itunes.apple.com/us/app/bitcoin-ticker-to-the-moon!/id731453251?mt=12. A couple months ago my app was hijacked along with some other legitimate apps, and were uploaded as a trojan to popular third party websites such as Download.com and MacUpdate.com. The details can be found here http://www.reddit.com/r/Bitcoin/comments/1xnm1v/os_x_users_beware_downloadcom_and_macupdatecom/. The actual Mac AppStore version has always been clean since only I can code sign and upload it to the Mac AppStore.

In the last update I added some security features incase the app was ever modified again by a third party. If the app has been tampered with it will show a warning message and then disable itself http://cl.ly/image/3c2Q0W3Y1M1C. How can I go about removing my app as a false-positive? I’ve already sent a false-positive report a couple weeks ago with no reply. Here is a screenshot of the false-positive http://cl.ly/image/1X280Y3i2G2z.

Can you upload the detected file to virustotal.com and post a link to the scan results here?

Here is the link https://www.virustotal.com/en/file/e25f3bd8e0dad07402a092d2666f16078fd96e13b6eb105a81ba745eb88bd0c1/analysis/1394731897/

Send the file in an password protected archive to virus@avast.com Subject:false positive
Dont forget to tell them the password. :wink:

Thanks, I sent it. Do you know what the usual turn around time is?

Theyre pretty quick on flse positives but it depends on virus lab load. Theyre processing 350000-450000 files a day.

Usually it should be fixed within a few days. maybe a bit longer cause its a Mac Software. :wink:

Hi guys, it’s been almost a month and my app still hits as a false-positive. Can some one from avast please tell my why?

Hello,
detection was fixed on 14th March 2014.

Milos

When I try to download the app from the Mac App Store it is still blocked. Here is a screen recording. I was running the current virus definitions. https://dl.dropboxusercontent.com/u/17346600/AvastBitcoinTTM.mov

files have different hash

We need that samples to analyze.

Send the sample to virus@avast.com with “False positive” in subject.

Ok thanks I resent. I sent an encrypted version of the complete .app this time.

Any update? The app still hits as a false positive. Can someone from avast please help me resolve this?

I haven’t seen the newly sent sample.

Post VT(virus total) link of the detected file (previous one was already fixed).

submit again
https://www.virustotal.com/

I took a closer look and it seems the temp pkg file was hitting as a false positive when trying to download the app. It seems to be fixed now though. No more false-positive hits! Thanks for your help :slight_smile:

was fixed in VPS 140416-1 update
at apologize for the delay in resolving problems are several that I forget
you’re be welcome