
Avast: False Positive Much?

CyberDruid

New Member
Joined
Sep 23, 2007
Messages
2,887 (0.48/day)
Location
On top of a mountain
After the Razer Trojan debacle a few days ago, where only 7 out of 41 AV scanners found the exploit, I decided to install Avast (one of the 7), and sure enough it found the Trojan in the DLed Deathadder driver. But now it has proceeded to find numerous other Trojans in my archived collection of T-Mod .iso and .rar files (for modding DFI BIOS), and in some patch files... So I have to ask: are these false positives? I have a hard time believing BIOS Medic (T) would put a Trojan in his work. But maybe his server was compromised.

What do you guys think?
 

[Ion]

WCG Team Assistant
Joined
Sep 15, 2009
Messages
13,391 (2.51/day)
Location
Raleigh, North Carolina, United States
Almost certainly a false positive. Avast sometimes identifies various Folding@home cores as viruses, and it thinks my ISOs of XP Pro and Server 2008 (ripped from retail CD and downloaded from MSDN, respectively) are decompression bombs. I wouldn't worry about it, but if you think they might be viruses, go to VirusTotal and scan them.
 
Joined
Sep 25, 2006
Messages
2,312 (0.36/day)
Location
Norn Iron
Take a read here, CD. It seems OK, Avast giving a false positive -

http://csd.dficlub.org/forum/showthread.php?t=1525

No Trojans Here:

I have had several PMs or posts regarding my DVD containing a trojan. There are no trojans on my DVD.

The problem is most likely encountered when using Avast as it gives a false positive.

KillCMOS acts like a virus in that it wipes out the CMOS, not destroying it but clearing it like no other method does.

So rest assured I would not place a trojan in my DVD.
 
Joined
Oct 2, 2004
Messages
13,791 (1.93/day)
These days you can't really trust anyone's word without inspecting. Hacked servers with injected binaries, viruses that infect compiler resources (these are cool, programmers even slam digital signatures over them -> Win32:Induc virus), etc...

But if you suspect it's a false positive made by avast!, let me know and I'll inspect it.
 

twilyth

Guest
I guess it is using some sort of heuristics, which is good IMO. 0-day threats are too common to have to rely on database updates. The downside is that sometimes they are too aggressive.

Give Avira a try. It almost never gives a false positive and with Malwarebytes running too, I think I should get most shit that tries to slide by. You can use the full program for 30 days and the license rates aren't bad - especially if you get multiple licenses. I have a contract for 3 for 3 years and if I can get another cruncher up, I'll get another. I give extra licenses to friends who I know aren't sharp enough to worry about this for themselves.
 

twilyth

Guest
AVIRA is very aggressive with its heuristics and generic detections, so you can expect slightly more false positives with it.

I disagree. I've been using it for maybe a year and a half and it rarely alerts me to anything that is a waste of my time. In fact I can't think of a single case. It does find quite a lot of shit in old files that I've archived when it does a scan, but they all look legit since they always tell me what the malware is. Its heuristics have only kicked in a handful of times and I have it on the highest setting.

But if for whatever reason you do get more than one or 2 false positives a month, you can customize its sensitivity.

Malwarebytes on the other hand has given me false positives maybe 3 or 4 times a week.

I dl a lot of stuff. Not so much software anymore - maybe a half gig a month, if that. But I dl tons of video. Granted, a wmv file isn't that popular as a vector, but even so . . .
 