Author Topic: Win32:Trojan-gen {Other} AND trafly.zip  (Read 10348 times)


Bubbator

  • Guest
Win32:Trojan-gen {Other} AND trafly.zip
« on: August 19, 2008, 06:35:34 PM »
Hi!
I tried to download a game cheat, trafly.zip, and ;D Avast stopped me and prevented "Win32:Trojan-gen {Other}" from being downloaded. The cheat is for Tomb Raider Anniversary and videos of it in use are all over the web. The advice on unofficial Tomb Raider forums was to go ahead, disable antivirus, and not to worry. :o So, I came here. I see a lot of sad tales of Win32:Trojan-gen {Other} and a lot of False Positive references.
I am not about to "drink the Kool-Aid" but I am wondering if there is a definitive answer about trafly.zip and FP's on Win32:Trojan-gen {Other} out there?
:-\
B.

Offline Justin_22

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 445
  • Free your soul and let it fly
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #1 on: August 19, 2008, 07:26:19 PM »
Not to promote cheats and things, but to be sure if a file is a false positive, please upload the file to www.virustotal.com (use the "Browse" feature to find the file) and post the report here.

-Justin
Avast!  2014 beta - Sandboxie - K9 Web Protection

Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #2 on: August 19, 2008, 07:59:00 PM »
Hi and Thanks!
How do I safely upload the file? Avast won't let me download it.
B.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89690
  • No support PMs thanks
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #3 on: August 19, 2008, 08:20:02 PM »
First pause the web shield, that will allow for it to be downloaded, but don't open it as the standard shield would then alert if you extract the files.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest (or other HDD location) to this folder and upload it to VirusTotal without avast alerting.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #4 on: August 19, 2008, 08:27:44 PM »
Super!
Thanks!
Will post when I find out.
Gotta go.
B.

Online DavidR

Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #5 on: August 19, 2008, 09:13:45 PM »
No problem, glad I could help.

Welcome to the forums.

Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #6 on: August 20, 2008, 05:10:47 AM »
:( VirusTotal.com finds 53% of all engines [19/36] don't like trafly.zip. Several different worms are blamed. Since trafly is a 'hacking' kind of product, I won't trust or install it.
Hats off to your good work!
B.

Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #7 on: August 20, 2008, 05:12:44 AM »
File TRAFly.zip received on 08.03.2008 21:29:19 (CET)
Current status: finished

Result: 19/36 (52.78%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Trojan-gen {Other}
AVG - - -
BitDefender - - Trojan.Generic.175504
CAT-QuickHeal - - -
ClamAV - - PUA.Packed.NPack-3
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - Win32/VMalum.DCCU
Ewido - - -
F-Prot - - -
F-Secure - - W32/Suspicious_N.gen
Fortinet - - -
GData - - Win32:Trojan-gen 
Ikarus - - Trojan-PWS.Win32.Lmir.beu
K7AntiVirus - - -
Kaspersky - - -
McAfee - - New Malware.aq
Microsoft - - -
NOD32v2 - - -
Norman - - W32/Suspicious_N.gen
Panda - - -
PCTools - - Packed/NSPack
Prevx1 - - Malicious Software
Rising - - Backdoor.Win32.Small.jn
Sophos - - Mal/Packer
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - W32/Behav-Heuristic-063
TrendMicro - - PAK_Generic.001
VBA32 - - -
ViRobot - - -
VirusBuster - - Packed/NSPack
Webwasher-Gateway - - Win32.Malware.gen (suspicious)
Additional information
MD5: cd6198bff6697823b96ce45452977c1e
SHA1: 4271bd14bb08fdabba19cc07566c8a1000eb0895
SHA256: 23722ab06618b11d354292ceafe4d16639c4503382f6d3664605b8ab2ccbc5f0
SHA512: daa300227e23f735a05b29eb5565a9c0458c63e783b59541b08de71e202c36ee6a0238d0727b21268e5e5a61d02883bf1f6e7c3594791b9036f490b70ccb49a4

wyrmrider

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #8 on: August 20, 2008, 05:22:50 AM »
Since the detections are general or heuristic, how about uploading it to avast for a look-see?
Actually, VT will do that for you.
Check the detection again in a couple of weeks and see if avast still detects.
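
The report in Reply #7 can be triaged by the kind of label each engine returned. This is an added example, not part of the original thread; the keyword buckets are an assumption made here, not any vendor's naming scheme.

```python
import re
from collections import Counter

# Detecting engines and their labels, copied from the report in Reply #7.
DETECTIONS = {
    "Avast": "Win32:Trojan-gen {Other}", "BitDefender": "Trojan.Generic.175504",
    "ClamAV": "PUA.Packed.NPack-3", "eSafe": "Suspicious File",
    "eTrust-Vet": "Win32/VMalum.DCCU", "F-Secure": "W32/Suspicious_N.gen",
    "GData": "Win32:Trojan-gen", "Ikarus": "Trojan-PWS.Win32.Lmir.beu",
    "McAfee": "New Malware.aq", "Norman": "W32/Suspicious_N.gen",
    "PCTools": "Packed/NSPack", "Prevx1": "Malicious Software",
    "Rising": "Backdoor.Win32.Small.jn", "Sophos": "Mal/Packer",
    "Symantec": "Trojan Horse", "TheHacker": "W32/Behav-Heuristic-063",
    "TrendMicro": "PAK_Generic.001", "VirusBuster": "Packed/NSPack",
    "Webwasher-Gateway": "Win32.Malware.gen (suspicious)",
}
TOTAL_ENGINES = 36  # engines listed in the report, including the 17 with no result

# Keyword buckets are an assumption of this example, not a vendor naming standard.
PACKER = re.compile(r"pack|pak_", re.I)
GENERIC = re.compile(
    r"gen\b|generic|suspicious|heuristic|malicious software|new malware|trojan horse",
    re.I)

def classify(label):
    """Return 'packer', 'generic' or 'named' for one engine's label."""
    if PACKER.search(label):
        return "packer"    # flags the packing layer, not what it wraps
    if GENERIC.search(label):
        return "generic"   # heuristic or catch-all signature
    return "named"         # engine claims a specific family or variant

def triage(detections, total):
    """Summarise a multi-engine report by label kind."""
    kinds = Counter(classify(lbl) for lbl in detections.values())
    named = sorted(e for e, lbl in detections.items() if classify(lbl) == "named")
    return {"ratio_pct": round(100 * len(detections) / total, 2),
            "kinds": dict(kinds), "named_engines": named}

if __name__ == "__main__":
    print(triage(DETECTIONS, TOTAL_ENGINES))
```

A report dominated by packer and generic labels says little about what the file does; it does not show the file is clean.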

Online DavidR

Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #9 on: August 20, 2008, 03:39:20 PM »
I wouldn't rely on VT sending anything to Alwil, as there is no info on when and how these would be sent; also there have been a few posts in the forums that much of what they get from VT isn't good/helpful.

However, in this particular case they wouldn't send anything anyway, as they only send samples to participating AVs if they 'don't' detect a sample as infected.

So it is most certainly up to the user to send the sample if they feel it needs further analysis.

Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #10 on: August 20, 2008, 04:21:27 PM »
Hi again,
I sent the file to virus@avast.com. I didn't (know how to) password protect it, so I hope it gets there.
B

Online DavidR

Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #11 on: August 20, 2008, 04:39:03 PM »
You can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.


Bubbator

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #12 on: August 20, 2008, 05:23:25 PM »
OOHHH!
That was easy!
Thanks,
B.
 8)
« Last Edit: August 20, 2008, 05:25:00 PM by Bubbator »

Online DavidR

Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #13 on: August 20, 2008, 07:06:46 PM »
You're welcome, easy is good ;D

wyrmrider

  • Guest
Re: Win32:Trojan-gen {Other} AND trafly.zip
« Reply #14 on: August 20, 2008, 07:46:54 PM »
I learn something new every post.
Thanks,
DavidR