Trojan Horse Win32:Obfuscated-EB [Trj]

I just started getting this message from Avast Home 4.7 tonight. I am getting it on an executable that I am compiling with Inno setup on a VB6 application that I wrote.

I am reasonably sure there are no Trojan’s in this file, but I have not been able to exclude it from Avast so that I can use it.

Short of uninstalling Avast is there anything else I can do?

WinXP SP2 and all the latest updates.

Thanks,
Norm

i have the same virus alert with my inno-setups.

typical case of virus false detection.

i think (and hope) they remove this false virus signature with the next update.

BTW: this is not the first false detection since i use inno-setup…

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

I checked it on-line at the site Avast recommends and the only positive is with avast.

I have entered it into the exclusion file, but avast still pops up the Trojan warning and disables the file so that I cannot use it.

Avast is very aggressive with this file.

The only way I can continue to work with this program is to turn off Avast.

There are two sets of exclusions, I suspect you haven’t entered it in the Standard Shield exclusions (on-access) I mentioned above, either that or you haven’t entered the correct file or path.

Did you enter it in the standard shield exclusions ?
What path did you enter ?

After a new iAVS update from today i dont get any false positive from my inno setups :smiley:

I guess it has been reported and corrected then, avast are usually fast in any correction.

Mine appears to work OK also. I had sent them a copy of the file.

Norm

You can remove any exclusions you set if you haven’t done so already.