Avast: False Positive Much?

Discussion in 'General Software' started by CyberDruid, Sep 25, 2009.

  1. CyberDruid

    CyberDruid New Member

    Joined:
    Sep 23, 2007
    Messages:
    2,888 (1.13/day)
    Thanks Received:
    1,100
    Location:
    On top of a mountain
    After the Razer Trojan debacle a few days ago, where only 7 out of 41 AV scanners found the exploit, I decided to install Avast (one of the 7) and sure enough it found the Trojan in the DLed Deathadder driver, but now it has proceeded to find numerous other Trojans in my archived collection of T-Mod .iso and .rar files (for modding DFI BIOS). And in some patch files... so I have to ask: are these false positives? I have a hard time believing BIOS Medic (T) would put a trojan in his work. But maybe his server was compromised.

    What do you guys think?
     
  2. [Ion]

    [Ion] WCG Team Assistant

    Joined:
    Sep 15, 2009
    Messages:
    11,787 (6.43/day)
    Thanks Received:
    10,889
    Location:
    North Carolina, United States
    Almost certainly a false positive. Avast sometimes identifies various Folding@home cores as viruses, and it thinks my ISOs of XP Pro and Server 2008 (ripped from retail CD and downloaded from MSDN, respectively) are decompression bombs. I wouldn't worry about it, but if you think they might be viruses, go to VirusTotal and scan them.
     
    CyberDruid says thanks.
    Crunching for Team TPU
  3. oily_17

    oily_17

    Joined:
    Sep 25, 2006
    Messages:
    2,313 (0.79/day)
    Thanks Received:
    670
    Location:
    Norn Iron
    Take a read here CD, it seems OK, Avast giving a false positive -

    http://csd.dficlub.org/forum/showthread.php?t=1525

     
    CyberDruid says thanks.
  4. RejZoR

    RejZoR

    Joined:
    Oct 2, 2004
    Messages:
    4,628 (1.27/day)
    Thanks Received:
    928
    Location:
    Europe/Slovenia
    These days you can't really trust anyone's word without inspecting. Hacked servers with injected binaries, viruses that infect compiler resources (these are cool, programmers even slam digital signatures over them -> Win32:Induc virus) etc...

    But if you suspect it's a false positive made by avast!, let me know and I'll inspect it.
     
    CyberDruid says thanks.
  5. twilyth Guest

    I guess it is using some sort of heuristics, which is good IMO. 0-day threats are too common to have to rely on database updates. The downside is that sometimes they are too aggressive.

    Give Avira a try. It almost never gives a false positive and with Malwarebytes running too, I think I should get most shit that tries to slide by. You can use the full program for 30 days and the license rates aren't bad - especially if you get multiple licenses. I have a contract for 3 for 3 years and if I can get another cruncher up, I'll get another. I give extra licenses to friends who I know aren't sharp enough to worry about this for themselves.
     
  6. RejZoR

    RejZoR

    Joined:
    Oct 2, 2004
    Messages:
    4,628 (1.27/day)
    Thanks Received:
    928
    Location:
    Europe/Slovenia
    AVIRA is very aggressive with its heuristics and generic detections, so you can expect slightly more false positives with it.
     
    CyberDruid says thanks.
  7. twilyth Guest

    I disagree. I've been using it for maybe a year and a half and it rarely alerts me to anything that is a waste of my time. In fact I can't think of a single case. It does find quite a lot of shit in old files that I've archived when it does a scan, but they all look legit since they always tell me what the malware is. Its heuristics have only kicked in a handful of times and I have it on the highest setting.

    But if for whatever reason you do get more than one or 2 false positives a month, you can customize its sensitivity.

    Malwarebytes on the other hand has given me false positives maybe 3 or 4 times a week.

    I dl a lot of stuff. Not so much software anymore - maybe a half gig a month, if that. But I dl tons of video. Granted, a wmv file isn't that popular as a vector, but even so . . .
     
