Archive: Trojan.Kazy and other false positives


I've built installers in NSIS without issue before on this same exact CentOS 6.2 box running v2.46; all have worked fine.

However, I packaged a new software in NSIS today, and my installer gets detected as a virus by some users - Trojan.Kazy.

I know it's just really poor heuristics and not an actual virus, but I still need to solve this problem.

I tried messing with the compression settings, couldn't find anything that changed the results.

Any suggestions?


If you are using the nsisdl plugin you could try switching to inetc.

The best way to fix this problem is to use VirusTotal and report the false positives to each vendor...


Yes - I get false positives often, several this year so far. Sometimes the same vendor will even report it as a false positive a second time for the exact same file they cleared a week or two earlier.

I don't think it is anything to do with NSIS - and for some reason only one of my products is affected, I have four main programs I sell, and lots of "plug in" type installers as well but only one of those programs is repeatedly brought up as a false positive even after rebuilds and new versions. No idea why that is, it doesn't do anything unusual. Except - it is the largest installer, and maybe that means a better chance of a false positive match somewhere in the file? The only thing I can think of, don't think it really explains it.

Yes, VirusTotal catches the offending AV product in most cases.

Then, I find this page helpful for finding the right pages and email addresses for all the vendors:
http://www.techsupportalert.com/cont...us-vendors.htm

Some reply really quickly within 24 hours, some take several days or more, some don't reply at all but fix the issue, so the only way to know if it is fixed is to check again a few days later and see if it is still reported as a false positive.

Robert