I’m confused a bit in that all of a sudden today avast! said a program I’ve been using for years is infected with this Win32:Dropper-gen [Drp]. The program was open and I clicked on it to load a file, avast! warning popped up, grabbed the file, and moved it to the Chest. I tried using the EXE file from a flash drive thinking no way that could be infected, and avast! did the same thing with that (I copied the EXE from the flash driver to the computer desktop and tried to re-install from there).
I’m running that exact same program on another computer with avast! and it’s running fine. The program never has updates, just newer versions that I don’t upgrade to (my version is free and they don’t offer another free version that’s this good). I ask avast! to set it as an exception so I can use it and sent it in to avast! as a false positive, but how can I be sure it is? It’s a transcription program by NCH Software. I use this program every single day, all day, and cannot do my work without it.
I ran a quick scan by Malwarebytes and it found nothing. I’m running a deeper scan through them right now.
Any suggestions? Does it sound like a false positive?
Pondus, in the chest when I chose to restore and set an exception a form also popped up to report to avast! as a false positive. I did that. Is there something else I should do?
Just to add this…I did an online Virus Total scan of the install exe and file exe for this program from NCH Software (Express Scribe). The install exe is the one that came from my flash drive that’s been there for three months. Out of 46 antivirus program, these are the only two that “found” something.
The Install EXE gave me these 2 issues. The other 44 AVs found nothing:
Avast Win32:Dropper-gen [Drp] 20140317
ESET-NOD32 a variant of Win32/Toolbar.Conduit.I 20140318
The program EXE gave me these 3. The other 47 AV programs found nothing.
Avast Win32:Dropper-gen [Drp] 20140318
Baidu-International Adware.Win32.Conduit.I 20140317
ESET-NOD32 a variant of Win32/Toolbar.Conduit.I 20140318
Housecall shoes a trojan on the exe that runs the program on this scan, but it didn’t on the scan I ran earlier. AND I downloaded Housecall and ran a quick scan…it found nothing.
The file to install the program is one I’ve used for at least five years. It’s been on my flash drive. And it’s on another computer that is not showing these results.
That is why PUP detection is turned off, if you want to keep the toolbar then it is up to you. Conduit has a so-so reputation with its toolbars and search engine