I am using Avast Pro version.
I think I have a ‘false positive’ being detected, and I MUST know the answer. I am shipping software that his packaged using
ClickTeam’s Install Creator Pro. Virtually all the installs created using this installer are now being detected as infected with
Win32:Trojan-gen. {UPX!}
Needless to say, if this IS a false positive my customers will soon be informing me and I have a problem.
Please tell me how I can establish definitively if this is a false positive, and how I would prevent my installs from reading as a false positive.
And to stop the false positive from being detected (if it indeed is a false positive), send/email the file in a Password protected archive (winzip or Winrar are best for this) to virus@avast.com , in the email mention that you think its a false postive and why. also the filepath you found it in, and also any other info you feel is nessersary.
I tested the original file one of many, and on http://virusscan.jotti.dhs.org/
there were two hits:
Avast: Win32:Trojan-gen.
and
Dr. Web: Trojan.Ulone
However, I created a new installer with one program in it (which I scanned and found no infection in). I created this installer with on access protection ON. As soon as I viewed the folder containing the new installer in it I got a hit from AVAST on the new installer. I am fairly confident that this is a false positive on WEB installers created with the ClickTeam product.
I have submitted the 'false positive. However, I have also downloaded the latest version of the ClickTeam Install Creator Pro and re-created the same installer. Now the installer does not trigger an alert.
My thinking now is that the old install creator version had code in it that was eliminated on the new version (possibly for the exact reason that it would trigger virus detection).
