Archive for December, 2008

FdInstall false-positive, again

Avira AntiVir strikes again, with another false-positive in the fdrawcmd.sys installer. The current virus definitions report the FdInstall.dll installer plugin as infected with TR/Dropper.Gen (a “generic trojan detection routine”). As before, avoiding UPX compression on the module is a magic fix. It’s particularly frustrating because the compression isn’t hiding anything, since the original module can […]