Please fix it so I don’t have to handle hundreds of support questions from my users because your antivirus detects non-existing malware in my software.
NOTE: the linked files are regularly updated, I’m asking you to implement a permanent whitelist or to disable your broken heuristics.
Tizek32.sys > Virus.Win32.Virut.CE. If my memory serves me correctly, this is the last variant of the well-known file infector called Virut/Vitro.
Who would be too risky, to “run” it?
May we know what kind of software you are offering?
First some remarks at first sight - some could lead to a heuristic and generic find:
-http://tz-ac.com/upd/files/tizek32.sys also found in SpyEye code - can be established with rootkit unhooker
SHLWAPI.dll (0x77F60000) optical media file
UxTheme.dll (0x5AD70000) port reporter tool
Processes running under explorer.exe
UxTheme.dll (0x5AD70000) Java runtime code
\IMM32.DLL (0x76390000) also found in malcode could crash
SavedLegacySettings 0x3c00000016000000010000000000000000000000000000000400000 monitoring outbound connections
{5E6AB780-7743-11CF-A12B-00AA004AE837}\ also found in Trojan attack code & hackerware
Protocol_Catalog9 0 Key Change 1 message board regroupment
Personal Verdict:
tizek32.sys generally is the only file caught here,
and it could/should be whitelisted by Avast as it was by Bitdefender’s.
A more generic exception could also be added.
Detections are mainly and solely based on the powerful packer used here to protect
the files.
Well Comodo Site Inspector still flags it: http://siteinspector.comodo.com/public/reports/339617
for malicious behavior detected…
And here: http://vscan.urlvoid.com/analysis/9c8c9d187d9a8960f89c38a2ec1a36a9/dGl6ZWszMi1zeXM=/
What’s the point in replying with “and not only from Avast”? Yes, I know some other antiviruses produce false positives as well. That means they’re broken as well. I’ll inform them about it just like I informed you.
And sometimes these evaluations work out and a FP might be recognized as it initially was missed with this software for example at Bitdefender’s (seen a similar sort of posting on their forums). Funny that TrafficLight flags -tz-ac.com/ as an unsafe page.
Then obviously I have no other choice but giving my users a list of anti viruses which are incompatible with my software. It’s up to them to choose whether they want to continue using my application or your anti virus, or use my software and switch to a working solution against viruses.
I am sure Avast will run out of customers. A user will believe his anti virus and not a random programmer who is trying to infect machines probably. May I ask again, what kind of software is this?
That is the problem with anti virus companies, they have attitude like you. Antivirus companies are not some AUTHORITY. Antivirus applications are not perfect, they have many flaws, of which many are detection related. Please take a minute to google ‘false positive’. If it’s a generic detection (please look up ‘generic’ in a dictionary, it may help you understand the problem), then they should review the files. If they have to whitelist it over and over after verification, that means the detection needs to be fixed. That is simple logic.
To others: yes, IE and some other use some suspicious sites generated by ANTIVIRUSES. Your (and other companies’) broken antivirus solutions are causing much more problems than just alerting users that download a file.
Now please stop with the “you’re a random programmer and Avast is right” attitude, you’re exposing your stupidity.
Before you accuse someone due to GENERIC (plus broken) detections, ask your antivirus vendor to verify the file. I am not distributing malware digitally signed by my name.
P.S. The software is an anticheat application used in multiplayer games by thousands of people every day. If there was anything malware-ish in it, someone would have noticed. But nobody did, and half of them are annoyed whenever the application is started because of broken antiviruses.
Do not worry, the truth will get out eventually. Bitdefender flagged the program and now does not detect it any longer as far as I am aware. There it was the packer that was flagged initially. Anubis report would not open from inside the wepawet scan for me, but the url scan at anubis worked fine and I told about the heuristic alarm bells.
There are a lot of generic alarm bells going when this is being scanned. So it is extremely important for this kind of software to be properly signed to stand out against malware. See what happened with some Adobe FP’s because there we saw a similar problem with signatures. So open software developers with all the modern protective wrapping necessary could feel they have a harder time to state their case, I admit these factors are also to be weighed into the balance.
If the software is OK, and does not fall into the category malware, and is proven to be goodware, eventually it will be whitelisted by av-vendors. With FP’s it is as with lies, they have short legs, and the opposite truth is called added protection. Time will tell,
Really, you are taking quite a polarized attitude as well, calling any AV that flags your program as “broken”…
In regards to infections, AV vendors kind of are the authority, for in their absence, what authority on malware is there?
If this is a false generic rootkit detection on an anti-cheat, are you really surprised? Anti-cheats get this a lot, since many are pretty much rootkits, just not malicious ones.