Avast WEBforum

Other => Viruses and worms => Topic started by: 79ronin on April 24, 2007, 01:48:17 AM

Title: Earth 2140 win Xp patch contains trojan?
Post by: 79ronin on April 24, 2007, 01:48:17 AM
Hello.
I wanted to download a patch for Earth 2140 Win Xp Edition. This file can be found on this site: http://files.filefront.com/Earth+2140+Windows+XP+v11+Patch/;5981350;/fileinfo.html
I found the same file on other sites, but when I want to download this file Avast doesn't allow me to do this; it keeps blocking the download and gives a warning that this file contains a trojan, to be specific: Win32:Trojan-gen. {Other}. I don't know if this file is infected or if this is just a false alarm. I found another site on the web: http://boards.topware.de/archive/index.php/t-25009.html and it is said there that this might be a false alarm, but I don't know what to think about it. I need this file and I would be thankful if someone could let me know what to do in this situation.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on April 24, 2007, 01:53:50 AM
Pause the Web Shield; that will allow it to be downloaded (don't try to run it). Save it to disk. The standard shield will probably detect it when it is downloaded; choose 'no action' (ignore). Now you can check out the file.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html). I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/). If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives (http://forum.avast.com/index.php?board=2;action=display;threadid=7779), how to report it to avast! and what to do to exclude them until the problem is corrected.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on April 24, 2007, 02:25:47 AM
Update: I have downloaded this file and submitted it to VirusTotal, where only one other AV detects it, so I would say there is a very strong possibility it is a FP.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: 79ronin on April 24, 2007, 02:36:57 AM
Thanks. I couldn't upload the file to any of these sites you mentioned, because I couldn't get through the firewall in my router. Do you think I should send this file to the Avast crew, so they can do something about this alarm?
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on April 24, 2007, 02:48:21 AM
Yes, and you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

With a copy in the chest you can periodically scan it in the chest and when you see it is no longer detected you can remove the exclusions you created, as outlined in my first post.

Why couldn't it get through your router firewall?
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: 79ronin on April 24, 2007, 02:51:35 AM
Thanks for your help.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on April 24, 2007, 02:53:47 AM
No problem, glad I could help.

Welcome to the forums.

Calling it a night now, almost 2 a.m. and I hear my bed calling.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: Lisandro on April 24, 2007, 03:08:12 AM
Quote
Thanks. I couldn't upload the file to any of these sites you mentioned, because I couldn't get through the firewall in my router. Do you think I should send this file to the Avast crew, so they can do something about this alarm?

It won't harm...
Can you send the samples to virus@avast.com?
You can zip and password the files... Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

You can use Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please, note that you won't have READ access to the ftp server, just write - so you won't even be able to see what you've just uploaded).
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: 79ronin on April 24, 2007, 03:24:19 AM
I've just sent the file from Chest to Alwil for analysis
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: Lisandro on April 24, 2007, 02:19:30 PM
Quote
I've just sent the file from Chest to Alwil for analysis

Thanks. Hope they correct it soon.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: 79ronin on May 10, 2007, 12:15:43 PM
Hello.
It's me again. Could someone at least tell me something about this file? Maybe I shouldn't worry about it, consider it a false alarm and mark this file as an exclusion in Avast!. Until now it is still being recognized as Win32: Trojan Gen {Other}. I read somewhere that Avast! sometimes has a glitch and recognizes "healthy" files as the ones containing this kind of Trojan. I would really be thankful if someone would tell me if I should still keep this file in the chest.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: FreewheelinFrank on May 10, 2007, 01:13:37 PM
Complete scanning result of "e2140update2.exe", received in VirusTotal at 05.10.2007, 12:57:52 (CET).
Antivirus   Version   Update   Result
AhnLab-V3   2007.5.10.0   05.10.2007   no virus found
AntiVir   7.4.0.15   05.10.2007   no virus found
Authentium   4.93.8   05.10.2007   no virus found
Avast   4.7.997.0   05.10.2007   Win32:Trojan-gen. {Other}
AVG   7.5.0.467   05.09.2007   no virus found
BitDefender   7.2   05.10.2007   no virus found
CAT-QuickHeal   9.00   05.09.2007   no virus found
ClamAV   devel-20070416   05.10.2007   no virus found
DrWeb   4.33   05.10.2007   no virus found
eSafe   7.0.15.0   05.08.2007   no virus found
eTrust-Vet   30.7.3624   05.10.2007   Win32/SillyDl.LC
Ewido   4.0   05.10.2007   no virus found
FileAdvisor   1   05.10.2007   no virus found
Fortinet   2.85.0.0   05.10.2007   no virus found
F-Prot   4.3.2.48   05.10.2007   no virus found
F-Secure   6.70.13030.0   05.10.2007   no virus found
Ikarus   T3.1.1.7   05.10.2007   no virus found
Kaspersky   4.0.2.24   05.10.2007   no virus found
McAfee   5027   05.09.2007   no virus found
Microsoft   1.2503   05.10.2007   no virus found
NOD32v2   2255   05.09.2007   no virus found
Norman   5.80.02   05.09.2007   no virus found
Panda   9.0.0.4   05.09.2007   no virus found
Prevx1   V2   05.10.2007   no virus found
Sophos   4.17.0   05.08.2007   no virus found
Sunbelt   2.2.907.0   05.05.2007   no virus found
Symantec   10   05.10.2007   no virus found
TheHacker   6.1.6.112   05.10.2007   no virus found
VBA32   3.12.0   05.09.2007   no virus found
VirusBuster   4.3.7:9   05.09.2007   no virus found
Webwasher-Gateway   6.0.1   05.10.2007   no virus found

Quote
Avast! sometimes has a glitch and recognizes "healthy" files as the ones containing this kind of Trojan

This is true of any anti-virus, anti-spyware program.

This file is identified by one other AV program as malware. It may well still be a false positive, but my advice would be to wait for the analysis by the avast! team.
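
An added example, not part of the original thread or any poster's code: a small Python parser for a multi-engine report pasted in the layout shown above, summarising how many engines detect the file, which labels look generic, and which engines were running signatures older than the scan date. The function names, the generic-name pattern and the 3-day staleness threshold are assumptions made for illustration; the sample rows are copied from the report above.

```python
import re
from datetime import date, datetime

# Rows copied from the report above; columns are separated by runs of
# spaces (or tabs) and the Update column is MM.DD.YYYY.
SAMPLE = """\
Antivirus   Version   Update   Result
AntiVir   7.4.0.15   05.10.2007   no virus found
Avast   4.7.997.0   05.10.2007   Win32:Trojan-gen. {Other}
eTrust-Vet   30.7.3624   05.10.2007   Win32/SillyDl.LC
Sunbelt   2.2.907.0   05.05.2007   no virus found
VirusBuster   4.3.7:9   05.09.2007   no virus found
"""

CLEAN = "no virus found"
# Assumption: labels containing these tokens are generic/heuristic names
# rather than a specific family, so they are weaker evidence on their own.
GENERIC = re.compile(r"\b(gen|generic|heur)\b", re.IGNORECASE)


def parse_report(text):
    """Return one dict per engine row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        # maxsplit=3 keeps spaces inside the Result column intact.
        parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=3)
        if len(parts) != 4 or parts[0] == "Antivirus":
            continue
        engine, version, update, result = parts
        try:
            updated = datetime.strptime(update, "%m.%d.%Y").date()
        except ValueError:
            continue
        rows.append({"engine": engine, "version": version,
                     "updated": updated, "result": result})
    return rows


def summarize(rows, scan_date, stale_days=3):
    """Summarise detections and flag engines whose signatures predate the scan."""
    hits = [r for r in rows if r["result"].lower() != CLEAN]
    return {
        "ratio": (len(hits), len(rows)),
        "detections": {r["engine"]: r["result"] for r in hits},
        "generic": sorted(r["engine"] for r in hits if GENERIC.search(r["result"])),
        "stale": sorted(r["engine"] for r in rows
                        if (scan_date - r["updated"]).days >= stale_days),
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE), date(2007, 5, 10)))
```

A low ratio with differing labels across engines does not settle the question either way; it is input for the vendor's analysis, as the post above advises.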
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: Lisandro on May 10, 2007, 05:07:28 PM
Frank, I want to thank you on posting the VirusTotal reports.
They give us a very good idea on what is going on with avast detection and false positives  :(
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: FreewheelinFrank on May 10, 2007, 09:04:31 PM
And a good idea of which AV companies add submitted samples in a timely fashion, too.

Actually I just noticed that DavidR had also submitted this file- he posted an image and images only appear in thumbnail with the new forum software. Sorry David.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on May 10, 2007, 09:12:26 PM
No problem, you need to click the thumbnail to expand the image, a new feature of the SMF forum software.

But it does show that I uploaded it to VT and submitted it on the 24 April and here it is the 10th May and it is still detected and likely to be a false positive.
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: FreewheelinFrank on May 10, 2007, 09:23:35 PM
I know they get bigger when you click on them, but in this case I just didn't notice it. Eyes must be going.  :P
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: DavidR on May 10, 2007, 09:29:26 PM
I'd lend you my glasses if only I could find where I left them ;D ;D
Title: Re: Earth 2140 win Xp patch contains trojan?
Post by: FreewheelinFrank on May 11, 2007, 01:29:17 PM
It wasn't my eyes- images are not displayed when not logged in- I probably wasn't logged in when I first viewed the thread. Looks like I can put off buying reading glasses just yet.