Author Topic: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?  (Read 10062 times)

Offline Allochthonous

  • Jr. Member
  • **
  • Posts: 51
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #15 on: June 22, 2006, 05:02:47 PM »
UPDATE:

I sent the file to virus@avast.com. I have not received a reply yet.

I also chatted with SBC support about it. Here is their "awesome" response:

Jason 8:27 AM  Jun 22 2006
Thank you for using SBC Internet Services. My name is Jason and I have been assigned to your Live Assistance case. While I review the details of your case, please respond back to this message so that I know you are available.

Me:
Can you please tell me what the file "browser.exe" is? It can be found on the SBC DSL Installation CD and is also located in my C:\WINDOWS directory. My Avast! antivirus says that it is malware (a trojan), but I hope that it is a false positive. I would like more information about the file please.

Jason 8:33 AM  Jun 22 2006
I understand that you wish to know about "browser.exe" file. Am I right?

Me:
Yes, that is correct.

Jason 8:40 AM  Jun 22 2006
"browser.exe" is file can be associated with any browser. However, it could be trojan also. For more information about this file, you may visit http://www.malwhere.com/processes/browser.exe.html

Jason 8:40 AM  Jun 22 2006
If you doubt any file to be a virus or Trojan, you may run virus scan for that particular file.

Me:
Yes, I have already read similar information. The problem is that the file on YOUR installation CD is testing positive for a trojan. Are you distributing viruses on your installation CDs?

Jason:
As I have mentioned you that "browser.exe" file is associated with the installation of Browsers. SBC CD contains the Internet Explorer and SBC Yahoo Browser installation files and they can be associated with this file.

Me:
OK, so the "browser.exe" file on the CD is related to either IE or the Yahoo Browser (but you don't know which)? Is this a false positive from my antivirus program then? (I have already reported it to them)

Jason 8:54 AM  Jun 22 2006
Yes, normally this file belongs to the browsers. However, this process name is also used by several malicious applications.

Me:
So is the antivirus program just seeing the name "browser.exe" and thinking the file is malicious?

Jason 8:57 AM  Jun 22 2006
Yes, it might be the case.

Me:
Hmmm. Ok then.

Me:
Thank you for your time.
 
------------

Any further thoughts here?

PK

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #16 on: June 22, 2006, 05:26:02 PM »
Any further thoughts here?

At the risk of sounding like a cynic I'd call this a typical response.

He could have just as easily said "I don't know what you mean but I have several standard answers I can share with you".

If you think browser.exe is a file you might need leave it in the chest for a couple weeks and scan again later.  If it is a false positive it will eventually be corrected and will not be detected any longer.  Personally, I see no need for it on my set up.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline Allochthonous

  • Jr. Member
  • **
  • Posts: 51
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #17 on: June 22, 2006, 05:29:27 PM »
*laugh*

I really don't think it's a file that I need either, but I have left it in my chest anyway.

PK

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84919
  • No support PMs thanks
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #18 on: June 22, 2006, 05:41:00 PM »
Quote from: Allochthonous
I sent the file to virus @ avast.com. I have not received a reply yet
Generally you won't receive an email unless avast requires more information.
From time to time scan it in the chest (after VPS updates) and see if its infected status changes.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #19 on: June 22, 2006, 05:50:43 PM »
I just submitted it to Jotti again and avast! no longer detects it.  Confirmed with a scan from the context menu.

But ...

Dr. Web found Trojan.Click.1255
Fortinet found Pahador.F!tr
VirusBuster found Trojan.Autoit.A
VBA32 found Trojan.Click.1255

VBA32 is new to the list.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84919
  • No support PMs thanks
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #20 on: June 22, 2006, 06:00:24 PM »
Looks like VBA32 is using the DrWeb database/engine as Trojan.Click.1255 seems a strange name to be found in more than one detection engine.

Offline Allochthonous

  • Jr. Member
  • **
  • Posts: 51
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #21 on: June 22, 2006, 06:01:18 PM »
Yeah, my virus database just updated and now Avast no longer detects it in the chest or on the CD.

Hmm. Not sure about the others though. Let's give them time I guess.

I am pretty sure it is nothing, but I am still going to leave the file in the chest.

PK

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Win32:Trojan-gen {UPX!} in "browser.exe" - false positive?
« Reply #22 on: June 22, 2006, 06:10:11 PM »
Looks like VBA32 is using the DrWeb database/engine ...

I was thinking the same thing.  Maybe they get updates a day or two later than the Dr. Web customers.