Author Topic: Trojan-gen. {UPX!}

Impster

  • Guest
Trojan-gen. {UPX!}
« on: March 19, 2007, 05:39:10 PM »
So one of my guys has written a SQL program and compiled it. But Avast keeps saying that the program is infected with UPX. Any ideas on why this would be reporting it like this?


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan-gen. {UPX!}
« Reply #1 on: March 19, 2007, 07:24:11 PM »
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus@avast.com.
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file - there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
The best things in life are free.

Tode

  • Guest
Re: Trojan-gen. {UPX!}
« Reply #2 on: March 20, 2007, 10:22:48 AM »
I also had false positives yesterday with some compiled AutoIt scripts that were packed with UPX. I downloaded the latest AutoIt release that had a newer version of upx.exe, and recompiled the scripts. Avast now doesn't give a false positive on them. So I suggest you look around for a recent version of upx.exe (mine is dated December 2006), rename your existing upx.exe, put the new one in the same folder, and recompile. You can get upx.exe as part of the AutoIt free download at http://www.autoitscript.com/.

Great nuisance these false positives.  Not knowing better, I did a full machine scan.  Avast found the "virus" (actually earlier versions of my compiled scripts) in lots of old system restore files, and every time, it stopped and asked me what to do.  So the PC was out of action for most of the evening.  Luckily I hadn't distributed these files to others, that would have been a real pain.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11855
    • AVAST Software
Re: Trojan-gen. {UPX!}
« Reply #3 on: March 20, 2007, 10:29:46 AM »
Can you please send us those older versions of the autoit scripts (as mentioned in Tech's post) - so that we can fix the problem?
Thanks.

Tode

  • Guest
Re: Trojan-gen. {UPX!}
« Reply #4 on: March 20, 2007, 11:51:56 AM »
Quote
Can you please send us those older versions of the autoit scripts (as mentioned in Tech's post) - so that we can fix the problem?

I submitted one of the compiled scripts to Virus Total. 
Avast and some other progs found a trojan.  But AVG, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft, Panda, Sophos, Symantec and a number of less well known others found nothing. 

Therefore I still think it was a false positive and will submit it to you.
Thanks.