Got a read that "sign of “Win32:HacDef-DE [Trj]” has been found in “C:\Program Files\Everest Labs\Spydefense\sds.dll” file."
This is a good programme and I question this. Seems to me that I heard sometime ago that this is a false read. Anybody know for sure?
In the meantime, I have put it in the chest as recommended by Avast. Hope it doesn’t stop my Spydefense programme from operating.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.
Send the sample to virus @ avast.com (without the spaces) zipped and password protected with password in email body and false positive in the subject.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
Meanwhile, as a workaround, add the false positive (which seems in this case…) to the Standard Shield exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
I had this trojan alert too while running the latest version of Hitman Pro 2. Strange.
It is strange because this is being detected in a specific signature, Win32:HacDef-DE [Trj]; these are usually less susceptible to FP detection than the generic signatures (-Gen at the end of a malware name), which seek to catch many variants of a family of malware.
There has been another VPS update today, 0645-3, which is probably FP fixes; check for an update and scan the file again.
VPS 0645-3 did not solve the trojan alert for Hitman Pro 2 yet.
I have sent it already yesterday from the chest to virus @ avast.com (without the spaces) with this remark.
VPS 0645-4 (just available) solves the trojan alert for Hitman Pro 2.
Thank you Alwil team!!
Excellent, thanks for the quick response. 8)