
False positives from AVG Free 7 - Trojan horse Dropper.small.22.AY -- ??

Discussion in 'Security and Privacy' started by Dennis L, 2005/06/03.

Thread Status:
Not open for further replies.
  1. 2005/06/03
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni Thread Starter

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    AVG Free 7.0.322
    Virus Base 267.6.1 - Release Date 6/3/2005 (and previous definition)

    AVG has been issuing infections over the last two definition updates.
    Infection - Trojan horse Dropper.small.22.AY
    Location - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

    fpdisp5a.exe is a legitimate file and path for FinePrint, a program I've used for years.

    I became a little concerned when I could not find any virus definition on Google search for Trojan horse Dropper.small.22.AY .. possibly being a new variant. I online scanned with TrendMicro, Panda ActiveScan, and RAV, all came up clean.

    So I'm somewhat confused ... Legitimate file flagged as an undiscovered virus ..
    or at least only known to AVG as a virus.

    ALSO - AVG continues to issue detection. Does AVG have an "Exclude / Exception" feature I can use?
     
    Last edited: 2005/06/03
  2. 2005/06/04
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0

  4. 2005/06/05
    Dennis L Lifetime Subscription

    Thanks Welshjim

    Posted on the AVG Free Forum. For possible "False Positive" issues, they always direct to Jotti's malware scan. You upload the suspect file, then 13 different malware engines scan the file simultaneously. On a single display, all engines report status of file. This could be a handy tool whenever you have a suspect file. When I scanned my suspect file, all engines reported "found nothing" -- except -- AVG, which stated the same Dropper.small.22.AY detect. With this result, I was instructed to move the information to AVG via email. AVG forum monitor suggested to disable "Use Heuristic Analysis" until AVG corrects the definitions.

    Current Jotti's Malware scanning engines in use ...
    AntiVir
    Avast
    AVG Antivirus
    BitDefender
    ClamAV
    Dr.Web
    F-Prot Antivirus
    Fortinet
    Kaspersky Anti-Virus
    mks_vir
    NOD32
    Norman Virus Control
    VBA32

    Side Note
    Firewalls may block when "Uploading" file to Jotti's malware scan web site,
    could require tweaking / disabling of layered defenses.
     
    Last edited: 2005/06/05
  5. 2005/06/05
    Welshjim

    Dennis L--Excellent information. If you have the time tell us what AVG eventually says. Hope they confirm it is a false positive.
    The http://virusscan.jotti.org/ seems like a real find. I will pass this on (with credit to you) to the Security Forum on this board.
     
  6. 2005/06/06
    Dennis L Lifetime Subscription

    Since my suspect file is a print driver, when I start up the computer AVG issues the virus warning, which it did this morning when I started up.
    Clicked on AVG definition updates, new definition was available ...
    AVG released Virus Base 267.6.4 ---- release date 6/6/05
    After download, had AVG check the suspect file, came up clean, NO detect.
    Went to Jotti's Malware scanning site, all 13 engines "found nothing", including AVG Antivirus. The "Status report" had the following information ....
    When I originally submitted this suspect file, the Status report only contained "INFECTED MALWARE". (I took jpg image shots of both before and after scans).

    I have not received an email / response from AVG concerning this issue as being a false positive. But it would appear with today's definition update coming clean on both resident program and Jotti scan sure gives that appearance. Will keep board posted per any information / email from AVG.
     
    Last edited: 2005/06/06
  7. 2005/06/09
    Dennis L Lifetime Subscription

    Received the following email from AVG Technical Support today -- 6/9/05

    They are a group of few words. :)
    Happy they have corrected the problem.
    Can't ask for any more for a free to use program.
     
  8. 2005/06/09
    Welshjim

    Sir/Madam :) --thanks for the info. Pretty good service for a free program.
     