The identifyer string in the vps for Win32:Mhtplo-18 is causing a lot of false positive.
Multiple times I have reported this to Alwil for the last few months.
I am wondering why it is still not fixed ???
Could you give any FP example here? I checked the string and I would say it shouldn’t be used in “normal” files… (IMHO).
If I download and scan THIS page, it will report the Win32:Mhtplo-18 infection and this is happening with a lot of webpages.
For testing purposes I downloaded the entire forum and many showed up this way. I have send in another example yesterday (virus@avast.com)
This is imho because the HJT-Log contains the code of the Exploit, e.g. in this line
O16 - DPF: {1101 …- m s - i t s : m h t m l : f i l e : //
Don’t kow if this qualifies as a FP