The real truth about AVAST Antivirus!

Do you remember that on December 06, 2012 AVAST deleted TCPIP.SYS from thousands computers?
As a result: “No network connection of my computer. “
forum.avast.com/index.php?topic=110804.0

I have never used AVAST earlier and I supposed that it was only a bug.
We released the small free tool to rescue users before AVAST updated their databases:
http://greatis.com/unhackme/tcpip-sys-restore.htm


Will you remove it?
1 0

Download Removal Tool for Free

But, I have recently got a message from my client:

Ticket ID: FVI-SCQQP-805: Avast Anti-virus recognized one of your program processes as a Trojan and blocked the connection:
Infection Blocked
URL:
www.greatis.com/appdata.exe%7Cgreatis.rdb
Infection: AutoIt:Agent-KP [Trj]
Relax, your avast! just saved you from a virus.
Please explain…!

Greatis.rdb is a virus encyclopedia. It includes only virus file names. There is no executable code in that file.
I spent some time to post a false positive ticket on the Avast web site.

Two days of silence…

The answer:
Hello,
Thank you for contacting AVAST Software company with your concerns.
It’s not false positive, detection is correct.
If you need further assistance, don’t hesitate to contact me again.

Miroslav Jenšík
Technical Support Engineer
AVAST Software a.s.

Link here:
http://greatis.com/appdata/false-avast/ticket1.png

I asked for information:
I would like to get the detailed report of your test.

Answer after 2 days of silence:
http://greatis.com/appdata/false-avast/ticket2.png

Hello,
Contains unencrypted virus signatures, thus it will trigger avast! as it sees the signatures.
Miroslav Jenšík
Technical Support Engineer
AVAST Software a.s.

I wasted some time before I found the signature.
It was really simple and stupid.
I have never even thought  how much stupid it is.

I shared the files to confirm my discover.

This file is detected as a virus:
http://greatis.com/appdata/false-avast/false-detect/appdata.exe
Of course, it is absolutely clean.
Virustotal  test (1/47):

https://www.virustotal.com/en/file/45ec92cc3e09f4f87c7932d75983153cb6d95ea4026ee473e20e00c14d613b7e/analysis/1383216861/
Only one of 47! Who is this one? Of course, Avast.

Small magic, fixing the database.rdb:
http://greatis.com/appdata/false-avast/clean/appdata.exe

VirusTotal Test of appdata.exe (0/47):

https://www.virustotal.com/en/file/d5d513adee4ffc138ac2f0fbc83bfa4362dcc5b16df2d251fb39632ea303646f/analysis/1383217269/

Where is the change?

Here is a signature:

%WINDIR%\FACEBOOK LIKE HACK V1.5.1.EXE

That’s all! Avast detects a virus by a simple text string. It is a super stupid.
Be careful! Next time Avast deletes your important files as viruses!

I don’t know what other signatures they have.

After that, I made a short test of Avast with Sprotector Adware and, of course, Avast failed this simple test.

 

Addons installed, Google search is redirected.

Keep away from Avast for your safety.

 


I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

STEP 3: Carefully review the detected threats!

Click Remove button or False Positive.

Enjoy!

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...