Win32:Mhtplo-18 detection causing false positives

The identifyer string in the vps for Win32:Mhtplo-18 is causing a lot of false positive.
Multiple times I have reported this to Alwil for the last few months.
I am wondering why it is still not fixed ???

Could you give any FP example here? I checked the string and I would say it shouldn’t be used in “normal” files… (IMHO).

If I download and scan THIS page, it will report the Win32:Mhtplo-18 infection and this is happening with a lot of webpages.

For testing purposes I downloaded the entire forum and many showed up this way. I have send in another example yesterday (virus@avast.com)

This is imho because the HJT-Log contains the code of the Exploit, e.g. in this line

O16 - DPF: {1101 …- m s - i t s : m h t m l : f i l e : //

Don’t kow if this qualifies as a FP :wink: