VBS:Houdini-F [Trj] Continious FLASE DETECTION !!

AVAST - for F’s sake - will you fix your false detections of VBS:Houdini-F [Trj]

I have been asking you now for 2 Months - sent emails and examples and still nothing !!! This script was written by us and is not a virus, worm, or anything else.

The file in question is a pretty ordinary .asp vbscript file that does some file accessing and makes a Soap call.

It is driving us crazy here and we keep having to turn off Avast just to get some work done.

FIX IT !!!

I have been asking you now for 2 Months - [b]sent emails and examples and still nothing[/b] !!!
could you post all info here also

are you using USB stick/removable drives?

upload detected file to www.virustotal.com if tested before, click rescan for a fresh result

post link to scan result here

I am not using USB/Stick/removable drives.

The file in question is a pretty ordinary .asp vbscript file that does some file accessing and makes a Soap call. And written by us.

https://www.virustotal.com/en/file/ddf56c7e6d988fba555c5bd4cf608e9f1fd1795b0639d7f6d63a5ea088bfff74/analysis/1452331950/

VBS:Houdini-F [Trj] is a family of worms.

Microsoft call it VBS/Jenxcus … click Technical Information tab for info
http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=VBS/Jenxcus

Have reported it as possible FP so no it is wait and see …

Yes I know what it is - but you are reporting it as a FP.

You and only NANO-Antivirus reports it and in fact NANO-Antivirus calls it something entirely different, leaving you as the only one out of 54 that says it is a virus.

but you are reporting it as a FP.
yes i have reported it to avast
in fact NANO-Antivirus calls it something entirely different
all AV vendors have there own naming, so that NANO give another name means nothing

if you look at the MS link i gave above you will see a list of alias name at top there

see name example here
https://www.virustotal.com/en/file/6df28a19a065f21ac81f612e27deddc596834468a31a312ceb255cf24e355adb/analysis/1394712262/

Hi,
Nano isn’t calling it “an entirely different” name - if you watch closely, you will see some similarity in “houdini” and “dinihou” family names :wink:
I will analyze the file and let you know the resolution.
Honza

Thank you.

I have disabled the detection, it indeed seems like a false positive.

Which email did you use when you tried to contact us?
Did you submit a ticket at support.avast.com?

Thanks for your cooperation :wink: