Avira antivirus has just flagged two files as malware - why?

**Spoon-** · May 29, 2026, 09:01 AM

See last message:

Security Software Mishaps (Anti-Virus false positves) - dBpoweramp Forum

https://forum.dbpoweramp.com/forum/read-only/hints-tips-read-only/30980-security-software-mishaps-anti-virus-false-positves/page3#post338945

The following lists security software which is not performing as it should, that is blocking legitimate programs (such as dBpoweramp) from running. There is nothing we can do on our side, we produce legitimate software, virus free for the last 20 years, never once have we supplied a virus, Trojan, spyware with any of our

**Dat Ei** · 2026-06-04T10:02:30+03:00

Hey Spoon,

Norton, Avast, AVG again (they are all the same product)...

this time Sophos Home joined the party. This is the first time that Sophos detects dBpa as a problem (same findings: dMCShell.dll and Ogg Vorbis.dll).

Dat Ei

**Spoon-** · 2026-06-04T11:51:43+03:00

There must be an option in the program to submit the files to examination.

**Dat Ei** · 2026-06-04T13:32:57+03:00

There is an option in Sophos Home to handle this false positive and allow the access on those two DLLs. But I thought it is worth to mention that this release is detected as problematic by Sophos Home too, which has never been the case in the at least 10 years.

I have Sophos Endpoint Control (professional version of Sophos) on my business PC, so I can test that too.

Dat Ei

**Spoon-** · 2026-06-04T13:45:33+03:00

What is it detected as? (the false positive)

**Spoon-** · 2026-06-04T13:53:34+03:00

Ok here is the current detections, dmcshell.dll:

VirusTotal

https://www.virustotal.com/gui/file/b3a0a127bb364a79dd113ed3aa43fbf00e86ffaef045eadfb3d1c43d6dcfed8f?nocache=1

VirusTotal

Nothing flags.

Ogg Vorbis.dll (encoder) just two detect as 'generic':

VirusTotal

https://www.virustotal.com/gui/file/67042fdc7e289a39a6b27ed6289c73bece5ccf10bba4141d5af31d82a61c0bc4?nocache=1

VirusTotal

As the files are analyzed they will be removed from the flagging.

The sad thing is, each time we re-compile the program, the same can happen. The generic detections should be removed from antivirus, they serve no purpose.

**Dat Ei** · 2026-06-04T16:02:57+03:00

Hey Spoon,

here are the details:

Mal/Generic-S: C:\Program Files\dBpoweramp\DSPs\ID Tag Processing.dll
Mal/Generic-S: C:\Program Files\dBpoweramp\encoder\Ogg Vorbis.dll

Those details were generated when I tried to rip a CD. After I have marked both dlls as "false positive", I could rip without any problems.

When I now scan those dll files, Sophos shows no detections at. So I think Sophos has alarmed based on an analysis of the programs bevahior, rather than a typical virus pattern.

Dat Ei

Avira antivirus has just flagged two files as malware - why?

Avira antivirus has just flagged two files as malware - why?

Comment

Comment

Comment

Comment

Comment

Comment

Comment