Possible false positive

Hey folks,

Got Bejeweled from http://www.reflexive.com/Bejeweled2Deluxe.html

I’ve had it on my HDD for ages (it’s the install file for it), but Avast has now picked it up as this:

Sign of “Win32:Trojan-gen {Other}” has been found in “I:\cd\Games\Bejeweled2DeluxeSetup.exe[Embedded#02ce04]{app}WinBej2.exe” file.

This is Bejeweled’s main file to run it. It definitely sounds like a False +

I downloaded this file from reflexive again and Avast picked up the same trojan.

To know if it’s an FP, upload the file to VirusTotal and post results.

If indeed an FP, send the file in a password-protected zip folder to virus@avast.com with false positive in subject and the password mentioned in the email body.

I just started getting a false positive myself. I play a game, Kingpin, which uses mmclient.exe as a cheat protection. A few days ago I was blocked from my game server (QTracker).
OK, so I went to the exclusion folder and allowed mmclient.exe, C Programs/Kingpin and mmclient.dll. Still the same.

The problem is

9/24/2008 8:15:38 PM SYSTEM 1524 Sign of “Win32:Gamona [trj]” has been found in “C:\Program Files\Kingpin\mmclient.exe” file.

Help!!

Please update Avast to VPS 080925-0 and rescan this file. The generic detection Win32:Gamona [trj] has been fixed in this version. If mmclient.exe is still detected, please send it to virus@avast.com

The false positive in “bejeweled” will be fixed in the next VPS update

Thanx a lot

Which VPS?? If 080925-0, it’s still there

Hmm, odd. Went to VirusTotal and uploaded Winbej2.exe

Maybe it does have something in it?

AhnLab-V3 - - -
AntiVir - - TR/Agent.274432.H
Authentium - - W32/Trojan2.STA
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - Trojan.Agent.27
ClamAV - - Trojan.Agent-13885
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Trojan2.STA
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - Malicious Software
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Agent.274432.H

I do not get any of those names to google anything, so I’d password-protect zip it and send it to virus at avast.com with the password in the body and a link to the VT results

OK, I’ll have to turn Avast off coz every time it picks it up it kills it
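One way to read a result listing like the one posted above when weighing a possible false positive, as an added example that is not part of the original thread: it parses the `engine - - result` rows, counts detections, separates generic labels from specific signature names, and groups engines that report the same name, since a shared name can mean a shared engine or signature set rather than independent verdicts. The rows are copied from the post; the function names and the prefix-stripping heuristic are assumptions made for this example.

```python
import re

# Rows copied from the listing posted above (a subset), same layout.
SAMPLE = """\
AntiVir - - TR/Agent.274432.H
Authentium - - W32/Trojan2.STA
Avast - - -
CAT-QuickHeal - - Trojan.Agent.27
ClamAV - - Trojan.Agent-13885
F-Prot - - W32/Trojan2.STA
Panda - - Suspicious file
Prevx1 - - Malicious Software
Symantec - - Trojan Horse
Webwasher-Gateway - - Trojan.Agent.274432.H
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")

def parse(listing):
    """Map engine -> detection name, or None when the result column is '-'."""
    verdicts = {}
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m:  # blank or malformed rows are skipped, not guessed at
            engine, result = m.group(1), m.group(4).strip()
            verdicts[engine] = None if result == "-" else result
    return verdicts

def family(name):
    """Assumed heuristic: drop the leading type/platform prefix (TR/, W32/,
    Trojan.) and compare the rest; names with no prefix are generic labels."""
    parts = re.split(r"[/.]", name, maxsplit=1)
    return parts[1].lower() if len(parts) == 2 else None

def summarize(verdicts):
    hits = {e: n for e, n in verdicts.items() if n}
    groups = {}
    for engine, name in hits.items():
        groups.setdefault(family(name), []).append(engine)
    return {
        "engines": len(verdicts),
        "detections": len(hits),
        "generic": sorted(groups.pop(None, [])),  # popped first, so not counted below
        "distinct_specific": len(groups),
        "shared": {f: sorted(e) for f, e in groups.items() if len(e) > 1},
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

On these rows, nine detections reduce to four distinct specific names plus three generic labels, which is the kind of pattern worth mentioning when submitting the sample to the vendor.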

Main file zipped and PW protected and sent

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

I did, the result from VT is here. I emailed the file above to avast yesterday our time.

It looks like it’s been fixed in 080926-0

Just did another scan of the install file, it’s clean

Thanx guys !

Thanks for the feedback.

No probs :)