Expert Opinion Please?

Rivera42 (Senior Member with 821 posts; Join Date: Aug 2007; Location: Strong Island, New York; Experience: I Know That I Don't Know)
26-May-2008, 05:20 AM #1
Avast Home Edition 4.8 detects "dvdrip 0.2.exe" as a virus, which makes no sense to me. The file comes from the following:
http://lifehacker.com/355281/dvd-rip...ck-dvd-ripping
and I was hoping somebody could shed some light on this.

In an interesting side note, I've run this application at least once to get it set up, and Avast didn't flag it, but during this weekly scan of my PC, it did.

It's a simple no-install executable, and I'd like to upload it to Virus Total's online file scanner, but that isn't working. I assume this is because Avast is doing its job, for which I'm grateful, but I think you can see the conflict of interest here.

**NOTE: This morning (around six hours or so after first posting this), I launched SUPERAntiSpyware on my other laptop, and Avast decided to flag THAT as containing a virus. I was unable to run the program until I used the Avast "pause provider" feature.

I think DVD Rip is a script, and that may have a role in this. Go to:
http://www.autohotkey.com/forum/topic27562-15.html
__________________


---> Please click Refresh; I edit my posts frequently. <---


Your new best friend: the F-11 key

Best Default Homepage Ever For MSIE

Photographs Of A Rainbow!

New original pictures of 19th/20th century technology


Add me on Facebook

When I die, I want to go peacefully like my Grandfather did, in his sleep -- not screaming, like the passengers in his car.

Last edited by Rivera42; 26-May-2008 at 12:32 PM..
Mark0 (Junior Member with 8 posts; Join Date: Apr 2008; Location: Venice, Italy; Experience: Intermediate)
26-May-2008, 05:49 PM #2
When in doubt, you can always check a file with one of the various online analysis tools.
For example, VirusTotal reports the findings of a number of different antivirus engines:
http://www.virustotal.com/

But often, it just takes an executable to be compressed with some EXE packer to raise the alarm of certain AV engines. An interesting analysis tool based on different principles is Norman Sandbox:
http://www.norman.com/microsites/nsic/Submit/

Hope this helps,
Bye!
Rivera42
26-May-2008, 06:16 PM #3
Quote:
Originally Posted by Rivera42
... I'd like to upload it to Virus Total's online file scanner, but that isn't working. I assume this is because Avast is doing its job, for which I'm grateful, but I think you can see the conflict of interest here...

I think DVD Rip is a script, and that may have a role in this. Go to:
http://www.autohotkey.com/forum/topic27562-15.html
Ummm.....
Mark0
26-May-2008, 06:23 PM #4
Oops, sorry for the Virus Total double.
But, I just tried it myself and as I had supposed, various engines flagged it as a Trojan, while the analysis of the Norman Sandbox doesn't flag any strange activity.

Bye!
Rivera42
28-May-2008, 12:16 AM #5
Presumably the file you scanned is the same as the one on my pc. I think I have to disable Avast temporarily (right-click tray icon/pause on-access provider) to do anything with that file now, despite the fact that I've added its containing folder to the ignore list. Given the inconclusive nature of the mixed scan results, what -if anything- should I do about all this? Scrap the program entirely and get dvdfab or something like that, or what?
Mark0
28-May-2008, 05:51 AM #6
This is the report from the Norman Sandbox:

Code:
 [ DetectionInfo ]
   * Sandbox name: NO_MALWARE
   * Signature name: NO_VIRUS
   * Compressed: YES
   * TLS hooks: NO
   * Executable type: Application
   * Executable file structure: OK

 [ General information ]
   * **Locates window "C:\SAMPLE.EXE [class AutoHotkey]" on desktop.
   * Display message box (SAMPLE.EXE) : CreateWindow.
   * File length:       305139 bytes.
   * MD5 hash: db0e34fe7f6f1eed30fca33b3754c7d8.
So I think the file is OK.
But, if you want to be perfectly safe, you could try it first in a virtual machine, maybe, or with Sandboxie.

Bye!
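
Post #5 presumes the scanned file is the same one as the local copy, and the report in post #6 carries the file length and MD5 needed to check that. The following is an added example (not part of the thread and not Norman's or any poster's code) that parses those two fields and compares a local file against them; the function names are made up for this sketch.

```python
import hashlib
import re

# Report lines as posted in the thread; fields not used here are left out.
PAGE_REPORT = """\
 [ DetectionInfo ]
   * Sandbox name: NO_MALWARE
   * Signature name: NO_VIRUS
   * Compressed: YES
 [ General information ]
   * File length:       305139 bytes.
   * MD5 hash: db0e34fe7f6f1eed30fca33b3754c7d8.
"""

# One "* key: value" report line; a trailing full stop is not part of the value.
FIELD = re.compile(r"^\s*\*\s*([^:]+):\s*(.*?)\.?\s*$")

def parse_report(text):
    """Return the '* key: value' lines of a report as a dict (keys lowercased)."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def expected_identity(fields):
    """Extract (length in bytes, lowercase MD5) from parsed report fields."""
    length = int(fields["file length"].split()[0])
    md5 = fields["md5 hash"].lower()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("report does not carry a valid MD5")
    return length, md5

def same_file(data, report_text):
    """True only if data has both the length and the MD5 the report states."""
    length, md5 = expected_identity(parse_report(report_text))
    return len(data) == length and hashlib.md5(data).hexdigest() == md5

if __name__ == "__main__":
    import sys
    print("report identifies:", expected_identity(parse_report(PAGE_REPORT)))
    for path in sys.argv[1:]:  # local copies to check, given on the command line
        with open(path, "rb") as fh:
            verdict = "matches" if same_file(fh.read(), PAGE_REPORT) else "DIFFERS"
            print(path, verdict)
```

A match only shows that the sandbox analysed the same bytes as the local copy; MD5 is not collision-resistant, so this guards against a mix-up of downloads, not against a deliberately crafted substitute.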
jbhardman (Member with 140 posts; Join Date: Jan 2006; Location: Pleasant Grove, UT; Experience: Advanced)
03-Jun-2008, 02:50 PM #7
Not to bash Avast (I know a lot of people love it) but av-comparatives.org gave it a rating of "many" on false positives.
Rivera42
03-Jun-2008, 04:50 PM #8
Now I can't run the application; Avast won't allow it and I'd have to disable On-Access protection to use the file. Not that I have any great burning need to run it right this second, I'm just sayin'.

It's great to have an AV that's aggressive, but this is a little much. Heck, I even tried to edit the allow list and it's still blocking the program anyway.