{"id":23216,"date":"2013-10-31T18:06:24","date_gmt":"2013-10-31T14:06:24","guid":{"rendered":"http:\/\/greatis.com\/blog\/?page_id=23216"},"modified":"2014-06-03T22:07:40","modified_gmt":"2014-06-03T18:07:40","slug":"do-not-trust-avast-antivirus","status":"publish","type":"page","link":"https:\/\/greatis.com\/blog\/do-not-trust-avast-antivirus","title":{"rendered":"The real truth about AVAST Antivirus!"},"content":{"rendered":"
<\/div>

Do you remember that on December 06, 2012 AVAST deleted TCPIP.SYS from thousands computers?
\nAs a result: \u201cNo network connection of my computer. \u201c
\nforum.avast.com\/index.php?topic=110804.0<\/p>\n

I have never used AVAST earlier and I supposed that it was only a bug.
\nWe released the small free tool to rescue users before AVAST updated their databases:
\nhttp:\/\/greatis.com\/unhackme\/tcpip-sys-restore.htm<\/a><\/p>\n

But, I have recently got a message from my client:<\/p>

<\/div>\n

Ticket ID: FVI-SCQQP-805:\u00a0Avast\u00a0Anti-virus recognized one of your program processes as a Trojan and blocked the connection:
\nInfection Blocked
\nURL: <\/em>www.greatis.com\/appdata.exe%7Cgreatis.rdb
\n Infection: AutoIt:Agent-KP [Trj]
\nRelax, your\u00a0avast! just saved you from a virus.
\nPlease explain…!<\/em><\/p>\n

Greatis.rdb is a virus encyclopedia. It includes only virus file names. There is no executable code in that file.
\nI spent some time to post a false positive ticket<\/strong> on the Avast web site.<\/p>\n

Two days of silence\u2026<\/strong><\/p>\n

The answer:
\nHello,
\nThank you for contacting AVAST Software company with your concerns.
\nIt’s not false positive, detection is correct.
\nIf you need further assistance, don’t hesitate to contact me again.<\/em>
\nMiroslav Jen\u0161\u00edk
\nTechnical Support Engineer
\nAVAST Software a.s.<\/em><\/p>\n

Link here:
\nhttp:\/\/greatis.com\/appdata\/false-avast\/ticket1.png<\/a><\/p>\n

I asked for information:
\nI would like to get the detailed report of your test.<\/strong><\/p>\n

Answer after 2 days of silence:
\nhttp:\/\/greatis.com\/appdata\/false-avast\/ticket2.png<\/a><\/p>\n

Hello,<\/em>
\n Contains unencrypted virus signatures, thus it will trigger avast! as it sees the signatures.<\/em><\/strong>
\nMiroslav Jen\u0161\u00edk
\nTechnical Support Engineer
\nAVAST Software a.s.<\/em><\/p>\n

I wasted some time before I found the signature.
\nIt was really simple and stupid.
\nI have never even thought\u00a0 how much stupid it is.<\/strong><\/p>\n

I shared the files to confirm my discover.<\/p>\n

This file is detected as a virus:
\nhttp:\/\/greatis.com\/appdata\/false-avast\/false-detect\/appdata.exe<\/a>
\nOf course, it is absolutely clean.
\nVirustotal \u00a0test (1\/47):<\/strong>
\nhttps:\/\/www.virustotal.com\/en\/file\/45ec92cc3e09f4f87c7932d75983153cb6d95ea4026ee473e20e00c14d613b7e\/analysis\/1383216861\/<\/a>
\nOnly one of 47! Who is this one? Of course, Avast.<\/p>\n

Small magic, fixing the database.rdb:
\nhttp:\/\/greatis.com\/appdata\/false-avast\/clean\/appdata.exe<\/a><\/p>\n

VirusTotal Test of appdata.exe (0\/47):<\/p>\n

https:\/\/www.virustotal.com\/en\/file\/d5d513adee4ffc138ac2f0fbc83bfa4362dcc5b16df2d251fb39632ea303646f\/analysis\/1383217269\/<\/a><\/p>\n

Where is the change?<\/p>\n

\"\"<\/p>\n

Here is a signature:<\/p>\n

%WINDIR%\\FACEBOOK LIKE HACK V1.5.1.EXE<\/strong><\/p>\n

That\u2019s all! Avast detects a virus by a simple text string. It is a super stupid.
\nBe careful! Next time Avast deletes your important files as viruses!<\/strong>
\nI don\u2019t know what other signatures they have.<\/p>\n

After that, I made a short test of Avast with Sprotector Adware<\/strong> and, of course,\u00a0Avast failed this simple test<\/strong>.<\/p>\n

\"\"<\/p>\n

 <\/p>\n

Addons installed, Google search is redirected.<\/strong><\/p>\n

Keep away from Avast for your safety.<\/strong><\/p>\n

 <\/p>\n

<\/div>","protected":false},"excerpt":{"rendered":"

Do you remember that on December 06, 2012 AVAST deleted TCPIP.SYS from thousands computers? As a result: \u201cNo network connection of my computer. \u201c forum.avast.com\/index.php?topic=110804.0 I have never used AVAST earlier and I supposed that it was only a bug. We released the small free tool to rescue users before AVAST updated their databases: http:\/\/greatis.com\/unhackme\/tcpip-sys-restore.htm […]
More…<\/u><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/pages\/23216"}],"collection":[{"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/comments?post=23216"}],"version-history":[{"count":0,"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/pages\/23216\/revisions"}],"wp:attachment":[{"href":"https:\/\/greatis.com\/blog\/wp-json\/wp\/v2\/media?parent=23216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}