Avast false positive with DVD Region + CSS free

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi,

Avast has updated to the latest version and definitions, and now I can't
load Fengtao DVD Region + CSS free: Avast says that DVDRegionFree.exe is a
Win32:Trojan-gen Virus/worm.
VPS version: 080520-1, 05/20/2008

RVG


Re: Avast false positive with DVD Region + CSS free


Quoted text here. Click to load it

If adding the file or folder to the exclusions list in Avast doesn't
work (apparently it isn't applied for the resident scanner), and until
Avast gets the false positive corrected in their database (assuming it
is a false positive), you'll have to disable Avast while you use the
program.  

Have you submitted the file(s) to virustotal.com to have multiple
anti-virus scanners check the file(s)?

Re: Avast false positive with DVD Region + CSS free



|
| If adding the file or folder to the exclusions list in Avast doesn't
| work (apparently it isn't applied for the resident scanner), and until
| Avast gets the false positive corrected in their database (assuming it
| is a false positive), you'll have to disable Avast while you use the
| program.
|
| Have you submitted the file(s) to virustotal.com to have multiple
| anti-virus scanners check the file(s)?

To add to this advice...

Have you (R.V.Gronoff) sent a sample to Avast ?

virus@avast.com

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avast false positive with DVD Region + CSS free



groupe de discussion : xuIYj.11126$IK5.7614@trnddc04...
Quoted text here. Click to load it

I doubt it would be legal to email a copy of this commercial software to
Avast or whoever else...


Re: Avast false positive with DVD Region + CSS free


|
| I doubt it would be legal to email a copy of this commercial software to
| Avast or whoever else...

It is totally legal!  If it was not legal, I would never have mentione4d it.

Avast is not flagging every file, just one or two.  Jest send the file(s) being
flagged to
Avast.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avast false positive with DVD Region + CSS free



g0vhu9$4c9$1@registered.motzarella.org...
Quoted text here. Click to load it

It's the legit file I've been using for about two years now. The thing is,
it works at a very low level to intercept the DVD drives region code and
emulate a region 0 code instead., allowing to play any region-coded DVD in
the PC drive(s).


Re: Avast false positive with DVD Region + CSS free


Quoted text here. Click to load it

Age of use does nothing to prevent the file from getting infected or
replaced.

Re: Avast false positive with DVD Region + CSS free



|
| Age of use does nothing to prevent the file from getting infected or
| replaced.

If it got replaced the software would no longer work.  However it can get
trojanized.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avast false positive with DVD Region + CSS free


Quoted text here. Click to load it

As yet, no one but the OP knows if the files are still working.  We
only know that the OP says Avast claims the files are infected.

Re: Avast false positive with DVD Region + CSS free


|
Quoted text here. Click to load it
|
| As yet, no one but the OP knows if the files are still working.  We
| only know that the OP says Avast claims the files are infected.

Yes...  Win32:Trojan-gen -- a generic detection.  If it was trojanized or
infected with a
virus the propensity for a generic detection would be much lower and would
presumably have a
more specific detection.  I believe this may be a FP declaration.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avast false positive with DVD Region + CSS free



|
| It's the legit file I've been using for about two years now. The thing is,
| it works at a very low level to intercept the DVD drives region code and
| emulate a region 0 code instead., allowing to play any region-coded DVD in
| the PC drive(s).

Assuming it is legitimate, then you should send a sample to Avast indicating
your suspicions
that it is a False Positive declaration.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avast false positive with DVD Region + CSS free

So it's a crack file.

--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.




Quoted text here. Click to load it


Re: Avast false positive with DVD Region + CSS free



message de groupe de discussion :
31LYj.9359$nl7.6800@flpi146.ffdc.sbc.com...
Quoted text here. Click to load it


How that ? It only bypasses the firmware region code in order for DVD
software to play any DVD from any region.
http://www.dvdidle.com/en/dvd-region-free.htm


Re: Avast TRUE positive with DVD Region + CSS free


OK, my bad: Avast is God and I am Dr Evil's mini-me: the exe in question WAS
infected!  I un/re-installed the progamme  from a fresh download and now
it's clean.


Re: Avast TRUE positive with DVD Region + CSS free

Quoted text here. Click to load it


Thanks for the update.
I had a similar experience a cuppla years ago.
Commercial software I'd been using for years was suddenly flagged by Avast!
I sent them a sample asking that they fix their false positive.
Turns out it wasn't a false positive, my commercial software had been
compromised.



--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
      ------->>>>>>http://www.NewsDemon.com <<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access

Re: Avast TRUE positive with DVD Region + CSS free


Quoted text here. Click to load it

How did you finally determine that?   Did Avast send you a full report or did
you upload it to Virustotal?  Were there any symptoms of the infection, ie
were there any registry strings added, any unusual additions to a hijackthis
log that you hadn't seen before, or were any files added to your OS
directory?

What's always puzzled me is that since these AV programs are scanning files
so quickly, are they actually "reading" every file or are they just checking
the filenames against a definition database.

How many AV programs actually can clean the registry and OS/programs
partition(s) of all the remnants of these trojans/viruses?   Is just deleting  
or quaranting the offending file enough?

If you read the Symantec manual cleaning instructions for any given trojan,
there's quite a few areas that have to be cleaned.  

Re: Avast TRUE positive with DVD Region + CSS free


|
Quoted text here. Click to load it
| How did you finally determine that?   Did Avast send you a full report or did
| you upload it to Virustotal?  Were there any symptoms of the infection, ie
| were there any registry strings added, any unusual additions to a hijackthis
| log that you hadn't seen before, or were any files added to your OS
| directory?
|
| What's always puzzled me is that since these AV programs are scanning files
| so quickly, are they actually "reading" every file or are they just checking
| the filenames against a definition database.
|
| How many AV programs actually can clean the registry and OS/programs
| partition(s) of all the remnants of these trojans/viruses?   Is just deleting
| or quaranting the offending file enough?
|
| If you read the Symantec manual cleaning instructions for any given trojan,
| there's quite a few areas that have to be cleaned.

They (AV applications) use signature and heuristics and do NOT use filenames.

Symantec has traditionally been bad at removing Registry modifications and is
one of the
*many* reasons why Symantec is not at the top of the list of suggested AV
applications.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Site Timeline