Archive type: NSIS --> [PluginsDir]/OCSetupHlp.dll [DETECTION] Contains patterns of software PUA/OpenCandy.Gen [WARNING] Infected files in archives cannot be repaired
I immediately submitted this as a false positive and requested Avira remove this designation immediately.
I just got a reply this morning. They are not removing the virus designation.
I have the Setup file in way too many places to zip and password protect them all, thereby not allowing them to be scanned by antivirus engines.
I will eventually do that but if you guys wanted to do something about this, Avira has one of the best freeeware antivirus engines, it is a *very* popular freeware antivirus program, I post in multiple computer forums and base my opinion on its popularity on that. Good luck, I hope you figure this out, this just started happening recently....
Dear Sir or Madam, Thank you for your email to Avira's virus lab.
A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result 28656078 SetupImgBurn_2580.exe 3.31 MB RISK
Please find a detailed report concerning each individual sample below:
Filename Result SetupImgBurn_2580.exe RISK
The file 'SetupImgBurn_2580.exe' has been determined to be 'RISK'. Our analysts named the threat PUA/OpenCandy.Gen. This class of detection flags, Potentially Unwanted Applications (PUA), may compromise the user’s privacy and the security of the local system. These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted. A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications. This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user’s privacy or system secur ity might be compromised. Disabling this detection is only recommended for advanced users that understand the risks and how to use these applications. This file is detected by a special detection routine from the engine module.
Alternatively you can see the analysis result here: https://analysis.avira.com/en/status?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx&incidentid=1949650 An overview of all your submissions can be found here: https://analysis.avira.com/en/overview?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx
Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details. Kind regards Avira Virus Lab
--------------------------------------------- Avira Operations GmbH & Co. KG Kaplaneiweg 1, 88069 Tettnang, Germany Phone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-500 3000 Internet: http://www.avira.com CEO: Travis Witteveen Headquarter: Tettnang Commercial register: AG Ulm HRB 630992