Avast false positive with DVD Region + CSS free


R.V.Gronoff

Hi,

Avast has updated to the latest version and definitions, and now I can't
load Fengtao DVD Region + CSS free: Avast says that DVDRegionFree.exe is a
Win32:Trojan-gen {Other} Virus/worm.
VPS version: 080520-1, 05/20/2008

RVG
 
R.V.Gronoff said:
Avast has updated to the latest version and definitions, and now I can't
load Fengtao DVD Region + CSS free: Avast says that DVDRegionFree.exe is a
Win32:Trojan-gen {Other} Virus/worm.
VPS version: 080520-1, 05/20/2008

If adding the file or folder to the exclusions list in Avast doesn't
work (apparently it isn't applied for the resident scanner), and until
Avast gets the false positive corrected in their database (assuming it
is a false positive), you'll have to disable Avast while you use the
program.

Have you submitted the file(s) to virustotal.com to have multiple
anti-virus scanners check the file(s)?
 
From: "VanguardLH" <[email protected]>


|
| If adding the file or folder to the exclusions list in Avast doesn't
| work (apparently it isn't applied for the resident scanner), and until
| Avast gets the false positive corrected in their database (assuming it
| is a false positive), you'll have to disable Avast while you use the
| program.
|
| Have you submitted the file(s) to virustotal.com to have multiple
| anti-virus scanners check the file(s)?

To add to this advice...

Have you (R.V.Gronoff) sent a sample to Avast ?

(e-mail address removed)
 
VanguardLH said:
If adding the file or folder to the exclusions list in Avast doesn't
work (apparently it isn't applied for the resident scanner), and until
Avast gets the false positive corrected in their database (assuming it
is a false positive), you'll have to disable Avast while you use the
program.

Have you submitted the file(s) to virustotal.com to have multiple
anti-virus scanners check the file(s)?

It's the legit file I've been using for about two years now. The thing is,
it works at a very low level to intercept the DVD drive's region code and
emulate a region 0 code instead, allowing to play any region-coded DVD in
the PC drive(s).
 
David H. Lipman said:
From: "VanguardLH" <[email protected]>


|
| If adding the file or folder to the exclusions list in Avast doesn't
| work (apparently it isn't applied for the resident scanner), and until
| Avast gets the false positive corrected in their database (assuming it
| is a false positive), you'll have to disable Avast while you use the
| program.
|
| Have you submitted the file(s) to virustotal.com to have multiple
| anti-virus scanners check the file(s)?

To add to this advice...

Have you (R.V.Gronoff) sent a sample to Avast ?

(e-mail address removed)

I doubt it would be legal to email a copy of this commercial software to
Avast or whoever else...
 
R.V.Gronoff said:
It's the legit file I've been using for about two years now. The thing is,
it works at a very low level to intercept the DVD drive's region code and
emulate a region 0 code instead, allowing to play any region-coded DVD in
the PC drive(s).

Age of use does nothing to prevent the file from getting infected or
replaced.
 
From: "R.V.Gronoff" <[email protected]>

|
| I doubt it would be legal to email a copy of this commercial software to
| Avast or whoever else...

It is totally legal! If it was not legal, I would never have mentioned it.

Avast is not flagging every file, just one or two. Just send the file(s) being flagged to
Avast.
 
From: "VanguardLH" <[email protected]>


|
| Age of use does nothing to prevent the file from getting infected or
| replaced.

If it got replaced the software would no longer work. However it can get trojanized.
 
From: "R.V.Gronoff" <[email protected]>


|
| It's the legit file I've been using for about two years now. The thing is,
| it works at a very low level to intercept the DVD drive's region code and
| emulate a region 0 code instead, allowing to play any region-coded DVD in
| the PC drive(s).

Assuming it is legitimate, then you should send a sample to Avast indicating your suspicions
that it is a False Positive declaration.
 
David H. Lipman said:
From: "VanguardLH" <[email protected]>

|
| Age of use does nothing to prevent the file from getting infected or
| replaced.

If it got replaced the software would no longer work. However it can
get trojanized.

As yet, no one but the OP knows if the files are still working. We
only know that the OP says Avast claims the files are infected.
 
From: "VanguardLH" <[email protected]>

| David H. Lipman said:
|> Age of use does nothing to prevent the file from getting infected or
|> replaced.
|
| As yet, no one but the OP knows if the files are still working. We
| only know that the OP says Avast claims the files are infected.

Yes... Win32:Trojan-gen -- a generic detection. If it was trojanized or infected with a
virus the propensity for a generic detection would be much lower and would presumably have a
more specific detection. I believe this may be a FP declaration.
 
OK, my bad: Avast is God and I am Dr Evil's mini-me: the exe in question WAS
infected! I un/re-installed the programme from a fresh download and now
it's clean.
 
R.V.Gronoff said:
OK, my bad: Avast is God and I am Dr Evil's mini-me: the exe in question
WAS infected! I un/re-installed the programme from a fresh download and
now it's clean.


Thanks for the update.
I had a similar experience a cuppla years ago.
Commercial software I'd been using for years was suddenly flagged by Avast!
I sent them a sample asking that they fix their false positive.
Turns out it wasn't a false positive, my commercial software had been
compromised.
 
From: <hmmm@hmmm>; <.org>

| How did you finally determine that? Did Avast send you a full report or did
| you upload it to Virustotal? Were there any symptoms of the infection, ie
| were there any registry strings added, any unusual additions to a hijackthis
| log that you hadn't seen before, or were any files added to your OS
| directory?
|
| What's always puzzled me is that since these AV programs are scanning files
| so quickly, are they actually "reading" every file or are they just checking
| the filenames against a definition database.
|
| How many AV programs actually can clean the registry and OS/programs
| partition(s) of all the remnants of these trojans/viruses? Is just deleting
| or quarantining the offending file enough?
|
| If you read the Symantec manual cleaning instructions for any given trojan,
| there's quite a few areas that have to be cleaned.

They (AV applications) use signature and heuristics and do NOT use filenames.

Symantec has traditionally been bad at removing Registry modifications and is one of the
*many* reasons why Symantec is not at the top of the list of suggested AV applications.
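
An added illustration of the point above that scanners match file content rather than filenames (not code from any poster or from Avast): a toy scanner with constructed byte-pattern and hash signatures, run over constructed samples. It covers signature matching only, not heuristics; every name, pattern and sample byte string here is made up for the example.

```python
import hashlib

# Constructed "definitions" for illustration only (not real Avast signatures).
PATTERN_SIGS = {b"\x90\x90DEMO-INJECTED-STUB\xcc": "Demo:Trojan-gen"}  # byte pattern -> name
HASH_SIGS = {}  # sha256 of a whole catalogued file -> name

def scan(filename: str, data: bytes):
    """Return a detection name, or None if clean. The filename is never consulted."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:              # exact match on a catalogued sample
        return HASH_SIGS[digest]
    for pattern, label in PATTERN_SIGS.items():
        if pattern in data:              # pattern found anywhere in the content
            return label
    return None

# Constructed sample contents standing in for program files.
CLEAN = b"MZ" + b"\x00" * 58 + b"original installer build"
TROJANIZED = CLEAN + b"\x90\x90DEMO-INJECTED-STUB\xcc" + b"appended code"
KNOWN_BAD = b"MZ" + b"\x01" * 32 + b"catalogued sample"
HASH_SIGS[hashlib.sha256(KNOWN_BAD).hexdigest()] = "Demo:Specific.A"

def run_demo():
    """Scan the constructed samples under various names; return {label: verdict}."""
    return {
        "fresh download": scan("DVDRegionFree.exe", CLEAN),
        "same name, modified content": scan("DVDRegionFree.exe", TROJANIZED),
        "modified content, renamed": scan("readme.txt", TROJANIZED),
        "catalogued sample, any name": scan("holiday.jpg", KNOWN_BAD),
    }

if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:30} -> {verdict or 'clean'}")
```

The same filename yields different verdicts once its bytes change, and renaming a flagged file does not change its verdict.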
 