AVG False Positive Detection

Cmp_Cmndo

Well-Known Member
AVG is reporting false positive detection on both HWInfo32 & 64 installers.
After repeated Ignores, it will install. On the 64 machine, I changed to MSE. I will keep the WinXP-32 machines with AVG, for now.
If the downloaded file is scanned with AVG, there is no false positive detection. I know it's a false detection & so does Martin. AVG was previously informed; they have not implemented a fix.

I suggest the following rewording: "Some antiviruses may report a suspicious component in the package, but this is a false alarm. Each HWiNFO32 release is checked against viruses, trojans, malware and spyware and is guaranteed to be clean. AVG will report the Self-installing EXE as a threat; Ignore it & keep ignoring it until it finally installs."

http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=395
 

Martin

HWiNFO Author
Staff member
Thanks for the information, this is definitely a false alarm which should be fixed by AVG. The installer is based on the widely used freeware InnoSetup, so AVG should already have lots of false reports. I'll try to resubmit this issue.
 

Martin

HWiNFO Author
Staff member
I just got feedback from AVG (pretty fast support, I must say):


Subject: Case AVG#0003728001: [ ref:00D4000000086fU.5004000000GOFiQ:ref ] RE: False detection

Dear Martin,

Thank you for your e-mail.

We tried to download the self-installing EXE version of HWiNFO32 (v3.86-1370) and HWiNFO64 (v3.86-1370) from the link you provided us and were able to download it without any problem. Kindly inform your users to update their AVG and see if it fixes the problem.

Thank you for your cooperation.

Best regards,

Catherine Feliciano
AVG Customer Services
http://www.avg.com
 

Cmp_Cmndo

Well-Known Member
Martin said:
...We tried to download the self-installing EXE version of HWiNFO32 (v3.86-1370) and HWiNFO64 (v3.86-1370) from the link you provided us and were able to download it without any problem....
This response does not address the problem. There is no false positive when trying to download. The false positive occurs when attempting to perform the installation.
 

Martin

HWiNFO Author
Staff member
I see, okay, I'll forward this to the AVG support team.
Can you please make a screenshot where it's visible?
 

Martin

HWiNFO Author
Staff member
New response from AVG:
----------------------------
We would like to inform you that we downloaded the software from the mentioned link, but we regret to say that we could not induce detection.

If possible, please zip up the infected files which AVG detected and attach them to this e-mail for prompt analysis. Also, we would like to request that you provide us the exact method by which we can induce detection, and send us a screenshot that shows the exact component which is falsely detecting the software, so we can do some further analysis.

With your cooperation and support, the outcome will help us address the problem effectively.
 

Cmp_Cmndo

Well-Known Member
Martin said:
I see, okay, I'll forward this to the AVG support team.
Can you please make a screenshot where it's visible?
The false positive occurs when attempting to perform the installation from the C:\!Downloads folder where it was downloaded to.
 


Martin

HWiNFO Author
Staff member
I see you used v3.84 of HWiNFO32. Does the same happen with the latest v3.86 ?
 

Cmp_Cmndo

Well-Known Member
Martin said:
I see you used v3.84 of HWiNFO32. Does the same happen with the latest v3.86 ?
Yes, I just happened to have the pic of that one, since v3.86 is now installed on all 3 of my computers (2 with AVG).

I downloaded v3.86 from your website & the same AVG message flashed on the screen, just for a second during the download & then went away. This machine is using WinXP & Firefox 6.02. Another one is using WinXP & IE8. The 3rd is Win7-64 with FF 6.02.

As soon as I click on the downloaded file, the message reappears. I captured it here. As long as I don't click on "Move to Vault" or "Ignore", the Threat Detected window stays open & I can move it around the screen. Can't close it without clicking on one of the two choices.

Only happens with the EXE, not the ZIP.
 


Martin

HWiNFO Author
Staff member
It seems AVG acknowledged this problem and will fix it. This is the latest feedback from them:
----------------

Unfortunately, the previous virus database might have detected the mentioned virus in some legitimate applications. After a lot of effort and analysis, we can confirm that this was a false alarm. We will release a new virus update removing the false positive detection of the mentioned file. Please update your AVG as described in FAQ 3271:
http://www.avg.com/faq?num=3271

When the update is completed, AVG will automatically restore the falsely detected file from the AVG Virus Vault to its original location.

We apologize for any inconvenience.
 

Martin

HWiNFO Author
Staff member
Update from AVG:
The next update is planned to be released after 23:00 CEST today.
 

Cmp_Cmndo

Well-Known Member
Martin said:
Update from AVG:
The next update is planned to be released after 23:00 CEST today.
Seems to be fixed ahead of schedule. Downloaded and reinstalled v3.86-1370, no threat detected.
 