Author Topic: Another Avast false-positive ?  (Read 3134 times)


vknab

  • Guest
Another Avast false-positive ?
« on: April 28, 2008, 07:44:06 AM »
When I try to download from the serious sourceforge website, the URL
hxxp://switch.dl.sourceforge.net/sourceforge/ogsconverter/OGSConverter_v2.21_install.exe,
I receive the alert which is attached.

I have already downloaded this exe before, without any problem.

So I wonder if it's not the same problem as for uTorrent.

Below are the VirusTotal results:
Antivirus     Version     Last update     Result
AhnLab-V3   2008.4.25.2   2008.04.25   -
AntiVir   7.8.0.10   2008.04.27   -
Authentium   4.93.8   2008.04.27   -
Avast   4.8.1169.0   2008.04.28   Win32:Trojan-gen {Other}
AVG   7.5.0.516   2008.04.27   -
BitDefender   7.2   2008.04.28   -
CAT-QuickHeal   9.50   2008.04.26   -
ClamAV   0.92.1   2008.04.27   -
DrWeb   4.44.0.09170   2008.04.27   -
eSafe   7.0.15.0   2008.04.27   -
eTrust-Vet   31.3.5736   2008.04.26   -
Ewido   4.0   2008.04.27   -
F-Prot   4.4.2.54   2008.04.27   -
F-Secure   6.70.13260.0   2008.04.28   -
FileAdvisor   1   2008.04.28   -
Fortinet   3.14.0.0   2008.04.28   -
Ikarus   T3.1.1.26   2008.04.28   -
Kaspersky   7.0.0.125   2008.04.28   -
McAfee   5282   2008.04.25   -
Microsoft   1.3408   2008.04.22   -
NOD32v2   3058   2008.04.27   -
Norman   5.80.02   2008.04.25   -
Panda   9.0.0.4   2008.04.27   -
Prevx1   V2   2008.04.28   Heuristic: Suspicious Self Modifying File
Rising   20.42.00.00   2008.04.28   -
Sophos   4.28.0   2008.04.28   -
Sunbelt   3.0.1056.0   2008.04.17   -
Symantec   10   2008.04.28   -
TheHacker   6.2.92.294   2008.04.26   -
VBA32   3.12.6.5   2008.04.26   -
VirusBuster   4.3.26:9   2008.04.27   -
Webwasher-Gateway   6.6.2   2008.04.27   -
Additional information
File size: 1203440 bytes
MD5...: 31b6791323415d493cb58d38d927036c
SHA1..: 1cd04527e35f63a00e62d84516ac21cfa5747621
SHA256: ca1e71a95f19c61e1168161e843bdeee80631800644ca25bc75157d949d16e16
SHA512: 04ceff729c3d5e2e0625a5b769aa9e586f4d89b61853587b6c7da02e0b520c25e40f045c6f58533d78009c69e731a706ba3addd88761789f5d25526ba649b821
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x409a54
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x916c 0x9200 6.56 f9c9dd3f4dceede0add0e7309253e897
DATA 0xb000 0x24c 0x400 2.73 4a56e30ca4646e6369d96abeacb0e6f0
BSS 0xc000 0xe48 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x950 0xa00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xf000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8b4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x2f7c 0x3000 5.47 f5b87758f605e5685be33b3d33242c20

( 8 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
> kernel32.dll: WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> user32.dll: TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
> comctl32.dll: InitCommonControls
> advapi32.dll: AdjustTokenPrivileges

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=14A6205AF04CA6055C6512313D29DB0054E2BF2A
« Last Edit: April 28, 2008, 10:06:40 PM by vknab »

DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89160
  • No support PMs thanks
Re: Another Avast false-positive ?
« Reply #1 on: April 28, 2008, 03:51:39 PM »
I take it you paused the web shield to be able to download the installation file, in order to be able to upload it to VT?
Obviously it needs to be exactly the same file that you downloaded before. DrWeb doesn't find anything at the link you gave, but if you can, modify the suspect link so it isn't active but can still easily be read: replacing the tt in http with XX will break the link.
hXXp://switch.dl.sourceforge.net/sourceforge/ogsconverter/OGSConverter_v2.21_install.exe

Considering the source (excuse the pun), I would say it is very likely an FP, as VT would suggest: one detection is likely heuristics, and the avast one, trojan-gen, is a generic signature trying to catch multiple variants with the one signature.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
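As an added example (not code from either poster), a small Python check for the two points made in the reply above: confirm the local file is byte-for-byte the one VirusTotal reported, by comparing its hashes with the ones in the post before submitting it, and read the pasted results to separate heuristic and generic-signature hits from the rest. The `VT_REPORT` excerpt is constructed from rows in the original post; the classification rules (a `Heuristic` prefix, a `-gen` suffix) are assumptions for illustration.

```python
import hashlib
import re

# Hashes VirusTotal reported for the installer in the original post.
REPORTED = {
    "md5": "31b6791323415d493cb58d38d927036c",
    "sha1": "1cd04527e35f63a00e62d84516ac21cfa5747621",
    "sha256": "ca1e71a95f19c61e1168161e843bdeee80631800644ca25bc75157d949d16e16",
}

# Constructed excerpt of the pasted VirusTotal table: engine, version, date, result.
VT_REPORT = """\
AntiVir   7.8.0.10   2008.04.27   -
Avast   4.8.1169.0   2008.04.28   Win32:Trojan-gen {Other}
Kaspersky   7.0.0.125   2008.04.28   -
Prevx1   V2   2008.04.28   Heuristic: Suspicious Self Modifying File
Symantec   10   2008.04.28   -
"""

def hashes_of(data: bytes) -> dict:
    """Compute the same three digests VirusTotal lists, for the local bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED}

def file_matches_report(data: bytes, reported: dict) -> dict:
    """Per algorithm, True if the local file hashes to the reported value."""
    local = hashes_of(data)
    return {algo: local[algo] == value.lower() for algo, value in reported.items()}

def parse_vt(text: str) -> list:
    """Split each pasted row on runs of 2+ spaces; result text may contain single spaces."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=3)
        if len(parts) == 4:
            rows.append(dict(zip(("engine", "version", "date", "result"), parts)))
    return rows

def classify(result: str) -> str:
    """Label a result: clean, heuristic, generic signature, or specific signature."""
    if result == "-":
        return "clean"
    if result.lower().startswith("heuristic"):
        return "heuristic"
    if re.search(r"[-.]gen\b", result, re.IGNORECASE):  # e.g. Trojan-gen (assumed convention)
        return "generic"
    return "specific"

def summarize(text: str) -> dict:
    """Count rows per label plus the total number of engines parsed."""
    counts = {}
    for row in parse_vt(text):
        label = classify(row["result"])
        counts[label] = counts.get(label, 0) + 1
    counts["total"] = len(counts and parse_vt(text))
    return counts
```

If `file_matches_report` returns any False, the file on disk is not the one the report describes and should not be sent as that sample.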