system
1
I have recently downloaded PCTools ThreatFire AntiMalware Product. Tonight Avast says it found a Trojan in the ThreatFire Installation Program. Avast also ID’s ThreatFire as a Trojan running in the memory when ThreatFire is active.
Win32:Klone-RX [trj] in D:\Download - D\ThreatFire\tfinstall.exe{app}\TFMisc.dll
VPS Version 071220-0, 12/20/2007
Should I be worried? Or is this a False Positive?
system
2
Haha, ive been hunting for an answer to this question for a few hours now… Im hoping to see a reply here soon, cause i noticed like 25 (originally 21 when i started this reply) people besides myself read this post… no offence but it seems the question is being avoided, and this isnt the first forum ive been on concerning this “problem”. All i got from the last is that the company hasn’t made any comments on this yet.
Anyway im running avast! Home (recently dled), AVG, ThreatFire, and CounterSpy (recently uninstalled due to memory issues)
*This is off the topic, i recently installed some program and it told me i had a trojan, but the thing about this trojan is that, (after research) i found out it resides between MSDos and XP, anyone know anything about this? I’ll try to get the name before i format… And does anyone here use UNIBlue? lol
Laterz
L.O.A
My baby fluctuates so it makes no sence spilling her specs haha
DavidR
3
There is another topic on this, http://forum.avast.com/index.php?topic=32165.0 where I have replied on what to do.
system
4
I know about all that, but this still dosent answer the question of whether or not its a trojan…
Thanks anyway 
L.O.A
DavidR
5
It does answer the question because if you read the original posters question.
I highlighted the relevant part where the check on VT gives a pretty strong indication that this is a false positive.
VirusTotal uses the windows version of avast (more packers supported) and there are currently 32 different scanners. So excluding avast the only other scanner that detected anything said it was suspicious, which would tend to indicate Heuristic detection that are prone to mis-detection.
system
6
Okay okay… lol
But we all know that there are a lot of viruses, spyware and trojans that anit-virus software (overall software) bypass.
I just recently installed PC Tools Firewall Plus, i like it… for now lol
L.O.A
system
7
DavidR, thank you for your reply and link. I do want you to know that I tried the Search Function for both Threatfire and Threat Fire and in both cases I was given a “Database Error” message and no further results. I do actually try to search for info before I post a topic. I realize you did not say anything about “use the search function”, but I do want you to know I did try that avenue first.
Am I to take it from this that Avast is giving a False Positive in this case?
Again, thanks for your reply.
DavidR
8
Your welcome.
There have been a number of database errors in the last 10 days or so and the only reason I knew about it was I replied to it, so it was easy for me to find ;D
Even if you had been able to use the search function, that topic was created a little ‘after’ yours, It just happened that I opened that one first as it had no replies.
By all accounts there is also an update for Threatfire I believe (nothing to do with this), but hopefully maybe that won’t be detected.
system
9
As an aside, I tried uploading the entire ThreatfireInstall.exe to VirusTotal, but it exceeded their size limit.
I have noticed Prevx1 seems to throw up a lot of Positives where no other program does. For me it is a rare .EXE file that Prevx1 doe NOT flag as a possible threat. Therefore I tend to discard their results from my serious consideration unless there are other Positives.
DavidR
10
The upload limit I believe is 10MB, the problem is that it is not the complete installation file but a specific TFMisc.dll as in the link I gave that is the problem.
