Trojan horse Dropper.Agent.DIR - false positive?

Discussion in 'ewido anti-spyware forum' started by sbne, Apr 19, 2007.

Thread Status:
Not open for further replies.
  1. sbne

    sbne Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    4
    We have a graphic editing program with installer, which we have had developed for distribution to MS Windows users.
    It was developed in late 2006. We have tested it on several computers, but not yet distributed it publicly.
    This week AVG has identified these files as containing "Trojan horse Dropper.Agent.DIR".
    We cannot find any reference to this virus in the AVG encyclopedia or in a Google search.
    Our developer assures us that the program does not contain a virus.
    In searches we have found several instances of "false positives" from AVG relating to other "Dropper.Agent." results.
    We find that the AVG site does not seem to provide a practical line of communication for this issue.
    Any suggestions to resolve this will be appreciated.
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Trojan Horse Dropper.Agent.DIR is an AVG Anti-Virus detection. This forum deals with the product range of the former Ewido networks, which is now called AVG Anti-Spyware. The two products use different engines, and this forum offers support for AVG Anti-Spyware, not AVG Anti-Virus.

    I suggest you send the file detected as infected by AVG to the technical support team of Grisoft and explain this situation to them.
     
  3. sbne

    sbne Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    4
    Thank you for this advice.
    We cannot find a way to contact Grisoft technical support at their site, without buying their program.
    Any suggestions for an email address for them will be welcome.
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You do not need to use their website to contact their support. Grisoft's technical support can be contacted by sending an email to technicalsupport[at]grisoft.com. You can also send reports of such false positives to virus[at]grisoft.com. You should also include the exact file detected by AVG as being infected in a password protected archive along with the message (regardless of which email address you use).

    Usually, for those not having a license key for AVG (i.e. non-paying users), they fix the FPs (or add the undetected malware) within 3 days, but do not reply to the message. However, your case could well be different because it probably pertains to a legitimate product of a corporate company being erroneously detected as being infected. A point to be noted is that you should list all the AVG products which are detecting it. "Trojan Horse Dropper.Agent.DIR" should be detected by all AVG products except AVG Anti-Spyware.

    If this doesn't work out, I managed to dig out a few marketing people's email addresses at Grisoft. Let me know and I'll send you a Private Message with these email IDs. But I'm not entirely sure that a marketing person will help you with what is obviously meant to be handled by the virus analysis experts.
     
    Last edited: Apr 20, 2007
  5. sbne

    sbne Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    4
    Great. I will email them as you suggest. Thanks very much.
     
  6. sbne

    sbne Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    4
    Hello again.
    It has taken 3 weeks, but we now have AVG anti-virus acknowledge that our program does not have a virus and they have rectified their program so it does not show the false positive any more.
    However, we now find that AVG anti-spyware says that our software is infected with "Dropper.Agent.bft".
    What is the next step to resolve this?
    Thank you.
     
  7. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany