Our software marked as win32 Lineage-323 Trojan

Our software has just been flagged as having this Trojan. Our program is written in Delphi, and I would only guess you are looking for a component signature that matches something this Trojan also uses.

1.) How do I get my software off your list?

Our software is not a Trojan and to-date, your software is the only one reporting it as such.

Mike

In fact, you’ve already did what is needed… posting in forum.
Hope they correct this in the new virus database release.

Send an email with the file (false positive or infected) to: virus@avast.com

You can use Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please, note that you won’t have READ access to the ftp server, just write - so you won’t even be able to see what you’ve just uploaded).

Thanks.

WorkCenter.exe has been FTP’d

We installed Avast HOME to verify the false trojan reading, and was able to replicate the issue. Our copy of AVAST has a “Continue” button on the popup, which then allowed us to continue running our software. The client’s version of AVAST does not have a Continue button.

I looked under options, and found the ability to eliminate our program from your scan, however, that appears to not work as I expected.

So currently, the user has disabled your software.

Any thoughts on how best to resolve this issue are appreciated.

Mike

There are two areas to input exclusions, Program Settings, Exclusions which handles on-demand scans, which is probably the one you have found, but you need to enter this in the resident scanner also for on-access scans.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Will do, Thanks

Yes there seems to be alot of problems with the Win32:Trojan-gen. {Delphi} detection. I have many commercial software that is reported as this trojan as well as a personal application.If avast could please removed this detection since it interfere with other software and from my end hasn’t stopped any viruses.

Thank You

Al968

This thread has nothing to do with Win32:Trojan-gen {Delphi} - it was about Win32:Lineage detection, which is something completely different (not just the malware type, but also detection method/algorithm). (And I believe this particular false positive should be fixed now.)

It is also not true that Trojan-gen {Delphi} detection hasn’t stopped any viruses - it actually detects thousands of various malware. We will be happy to fix the false positives, but we cannot do that without the misdetected files. So, if you have “many” such samples, pack them all into a password-protected ZIPs and submit them to virus@avast.com, please. Or, if there are really many of them, you can upload them (in one package, for example) to ftp://ftp.asw.cz/incoming (but please let me know if you do, the FTP is not normally monitored).
Thanks.

Ok sorry for the mis-post :wink:
I’ve just uploaded my personal application.

Hope it helps :slight_smile:

Al968