I was just scanning an exe installer a friend wanted me to have a look at (I swear :).
Avast said it was a Trojan. (see attachment)
I uploaded it to http://virusscan.jotti.org/ (to scan it by a pile of scanners - including Avast) and mostly either nothing was detected or just Adware. (See attachment).
Perhaps this is not exactly a false positive, but perhaps Avast is being a little overzealous calling it a Trojan - whereas on the online version it detected nothing.
I tend to believe it's just adware, but having the word “Rootkit” hang over you is rather off-putting.
Well the alert was for Malware Was Found so not quite the same as a detection with the anti-rootkit scan. Though the rootkit-gen malware name is a little off-putting, the -gen I believe indicates that this is a generic signature trying to catch many fish with the one hook so to speak, so there is a possibility that it is not a good detection or a misnamed detection which should be an adware one.
Though there are many VT detections there is a great spread of what it might be but a majority going for mywebsearch, I would have to think even on these results do I want that program or is there another that does the same task without the mywebsearch?
However, I think it requires further analysis and should be sent to avast.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive or misnamed malware in the subject.
Well I continue my praise for Avast 'cause it certainly did alert me (which is more than I can say for a lot out there - I’m looking at you AVG!!), which gave me a fighting chance of dodging the possibility of copping (at the very least) annoying stuff like MyWebSearch.
I figured if it would help Avast be a little more accurate (if possible/warranted in this case), then I’d try to report it.