Avira false positive maybe

It detects this:

Virus or unwanted program 'TR/Dloader.BAK'
detected in file 'C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe' [TR/Dloader.BAK].

And i cannot send this to fix it if it is a false positive.

 

uhhh... that is queer. it detetcted it three times and then stopped detecting it and Avira didn't have an update that fixed it.

 

Im sure its an fp because that file is used by ijji.com to launch gunbound revolution.

The signature TR/Dloader.BAK, The dloader part is probably the updater it detected because HGStart9USA.exe updates gunbound.

 

Ok i thought it was an fp and it is now detecting it again. Where does Avira keep quarantined files? I cant compress it and send it to them.

 

Here is a better place to ask this sort of question.

http://forum.avira.de/index.php

That's what it's there for

 

Hi MalwareDiw, rightclick tray icon of Antivir, click Start Antivir to load the main GUI, click on Quarantine tab, RightClick on the Quarantined item/ items and choose Restore to, then browse to the folder where u want to restore it to.
Send it here and let,s know how it goes.

http://analysis.avira.com/samples/index.php

Thanks

 

Okay ill give it a shot when I get home. I can't believe I didn't consider doing that though.

 

What's your heuristics level settings?

 

It didnt detect it with heuristics I think. The detection wasnt HEUR/something.

 

Thanks, please let us know what they find

 

They have confirmed it to be an fp and wil fix it later.

 

I'm just wondering now though. how do AV's get fps without heuristics? generic signatures?

 

False positives with "specific" signatures are much more common than you think.
AFAIK this is possible by mere coincidence (when the right part of a file matches the signature) or when the virus analysts select by accident a part of the file that it's common with other programs to create the signature. For example if a signature for malware created with AutoIt is created using a string that exist in all or most AutoIt program, a lot of legitimate autoit programs are detected as malware.

If I'm wrong I'm sure that members with much more knowledge (like Inspector Clouseau) can correct me.