Hi friends!!

[garybear]

Hi friends. This is not my strong point. A friend sent this in email, and asked me what is was. I don't have a clue. He is using avira AV. Can anyone help me explain this to him. I had suggested Seagate For Windows to him. He said he got this when he tried to down load the program. I researched it on Google but I didn't understand what they were telling me. All help will be appreciated.===garybear PS not even sure where to post this.

[enoskype]

I have moved the post as a thread here garybear.

 

It will find more attention I believe.

 

Most probably a false positive from Avira.

 

Cheers.

[pyrath]

more than likely it's a false positive...i downloaded the program and scanned it with system mechanic antivirus and it said it was clean.

[itobe]

Hi

 

Hi friends,

 

Long time no see.

 

Agree with enoskype, it must be a FP of Avira. I had tried the same page and I used MSE, not any warning there.

 

Cheers.

[garybear]

Thanks friend!!!

 

I have moved the post as a thread here garybear.

 

It will find more attention I believe.

 

Most probably a false positive from Avira.

 

Cheers.

 

Hi enoskype. Thanks my friend. I have no idea what to tell my friend. Viruses are not in my pay grade. I told him I have friends that will help on my forum. Thanks for moving my post. I had no clue where to post. Didn't want to start a new thread for this, but if you did, then that's fine. I hope it's a falsey:-D===garybear

[sunny staines]

we all agree here a false positive

[garybear]

Hi friends Thank You !!!

 

Ok. Thank you everyone. I understand that it is unanimous vote that this is a false positive. What I don't understand is when I search TR/Dropper.Gen on Google, there are people that say they have this virus and can't get rid of it. If it's not a virus, why do people think they have it and want to know how to get rid of it?===garybear

[enoskype]

Gary, I will try o explain in simple terms.

It is what the heuristic detection is, Avira (any A/V, anti-malware software) thinks that the file concerned behaves or has a pattern similar to TR/Dropper.Gen virus, when infact it is not a virus and only wrong perception/detection by Avira (any A/V, anti-malware software), and that is called false positive, on the other hand, some people have the real TR/Dropper.Gen virus which they can not get rid of. These are the nasty ones and all the A/V and antimalware software are trying to catch and get rid of these.

 

Cheers.

[garybear]

Hi enoskype!!!

 

Gary, I will try o explain in simple terms.

It is what the heuristic detection is, Avira (any A/V, anti-malware software) thinks that the file concerned behaves or has a pattern similar to TR/Dropper.Gen virus, when infact it is not a virus and only wrong perception/detection by Avira (any A/V, anti-malware software), and that is called false positive, on the other hand, some people have the real TR/Dropper.Gen virus which they can not get rid of. These are the nasty ones and all the A/V and antimalware software are trying to catch and get rid of these.

 

Cheers.

Hi enoskype. Thanks friend. I'm learning about all of this. I think I understand most of all your telling me. If my friend gets this warning and denies access, then Avira will allow him to down load the program. Then he can check the program for a virus before he allows it to install on his PC. If the program is infected will Avira also tell him the program has a virus??? I down loaded a program to my desk top soon after I installed MSSE. After unblocking the program and starting to install it, MSSE gave me a warning, and so I denied it and deleted the program. I sent the file to VirusTotal, and they said only two AV programs were showing this as a virus, so I guess it was OK, but I decided not to mess with the program and aborted my install. I have one more question. How do you get this TR/Dropper. Gen Trojan??? PS This is all new to me, and I want to learn, so I can help all my friends In Oklahoma. Please correct any of my untrue statements in this post. Thanks to all my friends who posted and for your explanation MR. enoskype!!!===garybear

[enoskype]

Hi Gary, I don't know what exactly the wording of Avira when it finds a virus, but after allowing the program to be downloaded, it is good idea to upload it to VirusTotal as you did in your case, and be sure that the file is clean.

 

Probably, after install or during install, Avira will find the same heuristic again. If you are sure that it is clean, allow it to install.

 

Some components used in some files are detected as TR/Dropper. Gen Trojan, Avira even finds Combofix having this component.

 

This virus comes as a component in the setup files and then resides in the PC in a dll, exe, etc. file.

 

It is advisable to delete all the System Restore Points if a real virus is found in a PC even after removal of that virus.

 

Cheers.

[wildwillie]

I somewhat agree, but not completely.

 

I'm using Avira, and I've experienced the same thing on Seagates website.

The part that confuses me is that Avira stops me cold when I try to download Seatools for Windows. It claims that it encountered the TR/Dropper.Gen virus.

Then when I tell Avira to deny access Avira goes away and I can and do continue to download the program.

 

After I download the prg., I had Avira scan the program and it came out clean.

 

...So if that TR/Dropper.Gen wasn't a virus, why was it SEPERATE and not an actual part of the program I was trying to download?

I tried this repeatedly to check it and always got the same result.

This so called virus or false positive?? is apparently seperate from but accessed simultaneously with the program...

 

PS. I'm a BIG FAN of Macrium Reflect... NOTHING scares me anymore, 'cause I regularly create back images.. almost daily... so I can just reinstall & I'm back where I was.

[enoskype]

Some components used in some files are detected as TR/Dropper. Gen Trojan, Avira even finds Combofix having this component.

 

...So if that TR/Dropper.Gen wasn't a virus, why was it SEPERATE and not an actual part of the program I was trying to download?

 

Hi wildwillie,

 

Not all of the components of an install file integrates to the installed software. That's why I said probably.

 

If you take the setup file out from the vault of Avira, Avira will find the same false positive in the downloaded setup file.

That component is embedded in the setup file, so it is not a seperate item, but a part of setup file.

 

Cheers.

[wildwillie]

Hi wildwillie,

 

Not all of the components of an install file integrates to the installed software. That's why I said probably.

 

If you take the setup file out from the vault of Avira, Avira will find the same false positive in the downloaded setup file.

That component is embedded in the setup file, so it is not a seperate item, but a part of setup file.

 

Cheers.

 

I can understand what you're saying, but what I don't understand is why I don't get a false positive when I have Avira scan the downloaded file prior to installation.

I get the virus warning BEFORE I download the file. I then tell Avira to deny access and then I continue to download the file.

 

Thanks. WW

[enoskype]

Since you tell Avira to deny access before downloading, do you take out the downloaded setup file out of the vault of Avira before you scan the file with Avira after download?

 

Cheers.

[danburrito]

I just downloaded and scanned the file in question from the original post. Avira AntiVir Personal regarded it as clean, with heuristics on high.

 

http://forums.iobit.com/attachment.php?attachmentid=4344&stc=1&d=1266880449

[enoskype]

Hi danburrito, I wonder if you and wildwillie have the same updated database!!!

 

I understand from your post that even before download, your Avira did not detect anything.

 

Cheers.

[danburrito]

Hi danburrito, I wonder if you and wildwillie have the same updated database!!!

 

I understand from your post that even before download, your Avira did not detect anything.

 

Cheers.

 

wildwillie's database may not have been up-to-date, enoskype.

 

My database was current with the posting of my scan result and have not received a detection alert before, while or after downloading the file in question.

[wildwillie]

false positives

 

Since you tell Avira to deny access before downloading, do you take out the downloaded setup file out of the vault of Avira before you scan the file with Avira after download?

 

Cheers.

 

Hi Enoskype..

Please excuse my delay in replying to your question..

 

No Alvira didnt put the downloaded file into a Vault. It downloaded it where I want it to be without any problems. I then scanned the file and it was clean. That's why I wondered if the false positive or whatever it is WAS SEPERATE from the file.

 

Apparentlly as has been stated, the alert that Avira gave me each and every time I tried to download the prg. was a false positive.

(And I think I tried 4 times.)

 

Avira gave me the alert each time BEFORE I downloaded the file.

 

AND my copy of Avira IS the LATEST VERSION & I DID CHECK for updates.

 

I don't know what's going on, but I went back to the site the next day and DIDN'T get any alert at all. :?:

 

I'm still confused, but I'm not gonna worry about it anymore.

 

Thanks for the comments..