Avira AV false detectiton rate sucks!

G

guppy

Limp Gawd
Joined
Jul 1, 2009
Messages
311
Installed Avira to Win7 because I have seen it highly rated by some of you people here. I just had over 2 hrs of my time wasted because its detection of trojans, virii and malware is total BS. Look at some of the files it is detecting as virii. Even System Internals software and anti-malware software Smitfraud. I have Avira set to medium sensitivty and not high. If I had it on high it would probably want to quarantine the Windows folder even. I've scanned that external backup HDD in the past with Avast and Malwarebytes and both report it as clean.

NONE OF THE BELOW IS MALWARE. AVIRA IS A WASTE OF MY FUCKING TIME.


H:\Backup\Drivers\tocaeditprojects2002-2008\assassinscreedfov.zip
[0] Archive type: ZIP
--> acFOV3.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\deadtorightsfov.zip
[0] Archive type: ZIP
--> dtrFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\farcry2fov1.0.zip
[0] Archive type: ZIP
--> fc2FOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\farcry2fov2.0.zip
[0] Archive type: ZIP
--> fc2FOV2.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\farcry2fov3.0.zip
[0] Archive type: ZIP
--> fc2FOV3.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\farcry2fov4.0.zip
[0] Archive type: ZIP
--> fc2FOV4.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\farcryfov1.0.zip
[0] Archive type: ZIP
--> frcyFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\gta3+vcfov.zip
[0] Archive type: ZIP
--> gta3FOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> viceFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\halofov.zip
[0] Archive type: ZIP
--> haloFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\halofov3rdp.zip
[0] Archive type: ZIP
--> haloThirdFov.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\hitmanfov.zip
[0] Archive type: ZIP
--> hitmanFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\hotwheelsracingfov.zip
[0] Archive type: ZIP
--> hwwrFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\hwwr.zip
[0] Archive type: ZIP
--> hwwrFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\manhuntfov.zip
[0] Archive type: ZIP
--> manFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\mbwrcamhack1.0.zip
[0] Archive type: ZIP
--> mbwrFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\mbwrtrainer.zip
[0] Archive type: ZIP
--> mbwr+6.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\mercenaries2res.zip
[0] Archive type: ZIP
--> merc2res.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\mercenaries2res2.zip
[0] Archive type: ZIP
--> merc2res2.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\mirrorsedgefov1.1.zip
[0] Archive type: ZIP
--> meFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\nfscarbonres.zip
[0] Archive type: ZIP
--> nfscres.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\pspgamepad.rar
[0] Archive type: RAR
--> receiver.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\racedriver3hshifter.zip
[0] Archive type: ZIP
--> RD3HSHIFT.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\rainbowsix3fov.zip
[0] Archive type: ZIP
--> rs3rsFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\rbrnet1.7.zip
[0] Archive type: ZIP
--> KBHook.dll
[DETECTION] Contains recognition pattern of the SPR/Dafunk.A.7 program
H:\Backup\Drivers\tocaeditprojects2002-2008\rbrnet2.0.zip
[0] Archive type: ZIP
--> KeyHook.dll
[DETECTION] Contains recognition pattern of the SPR/Dafunk.A.7 program
H:\Backup\Drivers\tocaeditprojects2002-2008\rbrnet2.1.zip
[0] Archive type: ZIP
--> KeyHook.dll
[DETECTION] Contains recognition pattern of the SPR/Dafunk.A.7 program
H:\Backup\Drivers\tocaeditprojects2002-2008\rbrnet2.2.zip
[0] Archive type: ZIP
--> KeyHook.dll
[DETECTION] Contains recognition pattern of the SPR/Dafunk.A.7 program
H:\Backup\Drivers\tocaeditprojects2002-2008\rtc1.4b.zip
[0] Archive type: ZIP
--> rtc1.3beta.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> rtc1.4pre-beta.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\silenthill3fov.zip
[0] Archive type: ZIP
--> sh3FOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\spiderman3res.zip
[0] Archive type: ZIP
--> spiderres.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\stalker1fov1.2.zip
[0] Archive type: ZIP
--> stalkerFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\stalker1fov1.3.zip
[0] Archive type: ZIP
--> stalkerFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\tombripper1.1b.zip
[0] Archive type: ZIP
--> tombripper_l.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\tr8fov.zip
[0] Archive type: ZIP
--> tr8FOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\vicecitymousemapper.zip
[0] Archive type: ZIP
--> vcamm.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Drivers\tocaeditprojects2002-2008\yagerfov.zip
[0] Archive type: ZIP
--> yagerFOV.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
H:\Backup\Files\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
H:\Backup\Files\SysinternalsSuite.zip
[0] Archive type: ZIP
--> psexec.exe
[DETECTION] Contains recognition pattern of the APPL/PsExec.F application

The scan has been done completely.

20350 Scanned directories
770874 Files were scanned
89 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
770781 Files not concerned
8014 Archives were scanned
53 Warnings
2 Notes
 
Last edited:
Yep, that's why I switched away from Avira. I switched to Comodo Internet Security because Avira made me paranoid about Trojans and I wanted to watch my outgoing connections real closely until I was 100% sure I wasn't infected.
 
I love how when you click on a hyperlink to get info on the supposed virus it brings up a purchse order link instead. I bet lots of suckers have fallen for that one.

I will say that Avira is very light on resources but I would never pay for software I can't trust. All AV can't be trusted to be accurate but this false detection rate is just off the wall and is a bad product. Back to Avast, me thinks.
 
Download Microsoft Security Essentials. I've read that the testing shows it was rated the highest with no false-positives. I've been enjoying it for a month now. At times has found several times more malware than MWB on systems I've worked on.
 
Id10t error me thinks, I have never had one single false positive with Anti-Vir and I had it do a full scan of all my drives every night.

Using MSE now anyway.

AV-Comparatives.org doesn't agree with you.
 
guppy said:
I've scanned that external backup HDD in the past with Avast and Malwarebytes and both report it as clean.
Click to expand...

Key word: PAST. Computer Viruii do change quite often so just because Avast and Malwarebytes in the PAST didn't pick them doesn't mean that the HDD was clean. There's a possibility that both apps didn't have the proper definition updates that Avira has now.
 
bigdogchris said:
Download Microsoft Security Essentials. I've read that the testing shows it was rated the highest with no false-positives. I've been enjoying it for a month now. At times has found several times more malware than MWB on systems I've worked on.
Click to expand...

It's shaping up to be an excellent product. For the past few malware infested PCs we've had come in...I've been using MSE first..and then hitting it with MalwareBytes 'n others afterwards..and they find only a smattering of leftovers. Showing that MSE is removing a great deal of the infestations on its first pass. Slow scanning when you do a deep/thorough scan..but hey, if it works. :D
 
YeOldeStonecat said:
It's shaping up to be an excellent product. For the past few malware infested PCs we've had come in...I've been using MSE first..and then hitting it with MalwareBytes 'n others afterwards..and they find only a smattering of leftovers. Showing that MSE is removing a great deal of the infestations on its first pass. Slow scanning when you do a deep/thorough scan..but hey, if it works. :D
Click to expand...

MSE is something that Microsoft should have done years ago, and it should be IN the box. There's nothing that's easier to use and so effective right now, and its free. Slow deep scans but I've never see a fast deep scan on any AV product.
 
guppy said:
I love how when you click on a hyperlink to get info on the supposed virus it brings up a purchse order link instead. I bet lots of suckers have fallen for that one.

I will say that Avira is very light on resources but I would never pay for software I can't trust. All AV can't be trusted to be accurate but this false detection rate is just off the wall and is a bad product. Back to Avast, me thinks.
Click to expand...

But..but...AV-Comparatives.org thinks differently. What nerve you have, lol.
 
Danny Bui said:
Key word: PAST. Computer Viruii do change quite often so just because Avast and Malwarebytes in the PAST didn't pick them doesn't mean that the HDD was clean. There's a possibility that both apps didn't have the proper definition updates that Avira has now.
Click to expand...

True, but it could also be false positives. Only way to find out is reinstall the mentioned AV programs update them and rescan. Also, he should try the Eset online scanner and other scanners(MSE, etc..) for shits and giggles and see what they come up with.
 
bigdogchris said:
Download Microsoft Security Essentials. I've read that the testing shows it was rated the highest with no false-positives. I've been enjoying it for a month now. At times has found several times more malware than MWB on systems I've worked on.
Click to expand...


I would like to but when I went to download it I was informed it is not available in Canada. China gets it but not Canada, why?
 
Danny Bui said:
Key word: PAST. Computer Viruii do change quite often so just because Avast and Malwarebytes in the PAST didn't pick them doesn't mean that the HDD was clean. There's a possibility that both apps didn't have the proper definition updates that Avira has now.
Click to expand...

I highly doubt that is the case. Malwarebytes scan I did *after* the Avira scan. On my other PC I still have Avast, I just updated Avast 5 min. ago so am going to scan that external drive shortly just to appease those who think it is user error. More waste of my time. I highly suspect the 1D1O2 is not me and he is making unfounded insults. Keep up that line of attack and I will be reporting him to the mod.
 
number69 said:
True, but it could also be false positives. Only way to find out is reinstall the mentioned AV programs update them and rescan. Also, he should try the Eset online scanner and other scanners(MSE, etc..) for shits and giggles and see what they come up with.
Click to expand...


I will. I installed a game today that had a trial offer for Eset too and it claims it is a good scanner for gamers so may check it out. That external HDD is connected to two computers and on the other computer is Avast so don't even have to uninstall Avira to scan it with Avast.
I am going to scan it with Avast shortly.
 
guppy said:
I would like to but when I went to download it I was informed it is not available in Canada. China gets it but not Canada, why?
Click to expand...
You have no faith in the Internet. Anyways, it's going to be released soon from what I can tell. It's 'beta' right now but is performing like a released product. MSFT likes to keep some of it's products in seemingly indefinite beta though, kinda like Google :p
 
OK, will wait for it to come out of beta, thanks.

Here's the results a complete scan of the external HDD done by Avast after the Avira results. Only 4 false positives compared to Avira's 89. These are false positives, all of them. sfdvrem.zip is the file used to remove Starforce copy protection and the other 3 files are part of a game mod that Avira says are clean and I have installed right now. Avast found none of what Avira found and Avira found none of what Avast found. Finding false positives is a very common occurence with all malware protection but the Avira detections are just way too much. That Avast scan was very slow compared to Avira but Avast checked more file types. Between these two scans I would say a good 4 hrs of my time has been wasted and made me paranoid for no reason.

03/08/2009 22:07:56 me 3520 Sign of "Win32:Downloader-CPO" has been found in "G:\Backup\Files\sfdrvrem.zip" file.
04/08/2009 00:23:39 me 3520 Sign of "Win32:Trojan-gen {Other}" has been found in "G:\Backup\Mods\CFS3_mods\FirePower_USAAF_Heavy_Bombers_2eto.zip\FirePower_USAAF_Heavy_Bombers_2eto.exe\CFS3 ETO Expansion BDP Zapper.exe" file.
04/08/2009 01:02:27 me 3520 Sign of "Win32:Trojan-gen {Other}" has been found in "G:\Backup\Mods\FirePower_USAAF_Heavy_Bombers_2eto.zip\FirePower_USAAF_Heavy_Bombers_2eto.exe\CFS3 ETO Expansion BDP Zapper.exe" file.
 
It seems to be marking a lot of zipped files you have of "mods" to games. You running game hacks/bots or other things that may not be "stock/default" in games?
 
odd how most of those are in the tocaeditorprojects directory. And they all appear to be FOV related... I find that interesting enough that I would question the source of the binaries.

It's probably considering it a generic trojan because of what the patterns do. If you have executables with code that performs the same logic as a trojan, it may look like an unknown virus. I don't think this is a problem... you should have an 'ignore this file' option.
 
YeOldeStonecat said:
It seems to be marking a lot of zipped files you have of "mods" to games. You running game hacks/bots or other things that may not be "stock/default" in games?
Click to expand...

Yeah, i noticed that too. Those field of view hacks change the game code. It's no wonder why Avira heuristics all call it the same virus for some of those.

I don't see why it's such a big deal though. Add a few "ignore this file" to Avira and be done with it. Avira's heuristics are some of the best. I'd rather get a few false positives on game hacks then nothing at all.

And for the record I've never had a false positive on 4 different systems with Avira.
All that said, bring on the finalized version of MSE! :cool:
 
bigdogchris said:
Download Microsoft Security Essentials. I've read that the testing shows it was rated the highest with no false-positives. I've been enjoying it for a month now. At times has found several times more malware than MWB on systems I've worked on.
Click to expand...

x2 for MSE. Even in beta form, it's been working fantastically. Updates very frequently, detects everything but ignores the false positives, has a _very_ small footprint, doesn't impact the system at all, the list goes on. It's like running Windows Defender; it just runs in the background constantly scanning without slowing anything down at all. You won't even know it's running, and I game all the time.

On that note, Avira is the only other AV I would recommend to anyone (and was the one I used before MSE).
 
You must log in or register to reply here.
Back
Top