Topic: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?

puppetj

  • Guest
Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« on: September 30, 2008, 05:39:38 AM »
I am getting a Win32:Tiny-WL from Alcohol 120% software that was downloaded from their site, and when I click on the link to report a virus, the form to fill out comes up, but trj.com will also come up, and it's some religious site. I dunno what's going on here; I have scanned my entire system and found no viruses.
I was already told that the Alcohol 120% is safe and it was a false positive.

DavidR

  • Avast Überevangelist
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #1 on: September 30, 2008, 03:05:34 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #2 on: September 30, 2008, 09:12:39 PM »
I was already told it was a false positive, as I posted, and was told to update my iavs I had, and that was almost a month ago. I was told after this I won't be getting an alert, but I am still getting it.

Lisandro

  • Avast team
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #3 on: September 30, 2008, 10:24:32 PM »
Hope they correct the false positive soon...
The best things in life are free.

puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #4 on: September 30, 2008, 10:32:38 PM »
Also... can't download Fairuse wizard 2 lite version; Avast says Win32:Adware-gen detected! I heard great things about this program. After this came up I did do a search in forums of other things detected, but nothing was ever found with avast. I have the latest home version with the latest updates. I can even d/l the software, I am forced to abort the download.

Lisandro

  • Avast team
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #5 on: September 30, 2008, 10:36:01 PM »
> Also... can't download Fairuse wizard 2 lite version; Avast says Win32:Adware-gen detected! I heard great things about this program. After this came up I did do a search in forums of other things detected, but nothing was ever found with avast. I have the latest home version with the latest updates. I can even d/l the software, I am forced to abort the download.
As a workaround, you need to use the Exclusion lists and boot.

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.

DavidR

  • Avast Überevangelist
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #6 on: September 30, 2008, 11:22:05 PM »
> I was already told it was a false positive, as I posted, and was told to update my iavs I had, and that was almost a month ago. I was told after this I won't be getting an alert, but I am still getting it.

All the more reason to send the sample to avast for further analysis as something has clearly changed.

puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #7 on: October 01, 2008, 01:54:43 AM »
> > Also... can't download Fairuse wizard 2 lite version; Avast says Win32:Adware-gen detected! I heard great things about this program. After this came up I did do a search in forums of other things detected, but nothing was ever found with avast. I have the latest home version with the latest updates. I can even d/l the software, I am forced to abort the download.
> As a workaround, you need to use the Exclusion lists and boot.
>
> For the Standard Shield provider (on-access scanning):
> Left click the 'a' blue icon, click on the provider icon at left and then Customize.
> Go to Advanced tab and click on Add button...
>
> For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
> Right click the 'a' blue icon, click Program Settings.
> Go to Exclusions tab and click on Add button...
>
> You can use wildcards like * and ?.
> But be careful, you should 'exclude' that many files that let your system in danger.

So it is a false positive then, and it's safe to use??

DavidR

  • Avast Überevangelist
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #8 on: October 01, 2008, 02:11:51 AM »
We simply can't answer that based on the info you have given, which is why I suggested checking at virustotal.

I don't know who told you it was an FP or what file version of alcohol 120% or from when as the previous confirmed FP relating to this was a while ago and was corrected. So if it is back something has changed (signature update, file version update, etc) so it needs confirmation again.


puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #9 on: October 01, 2008, 02:24:47 AM »
I sent the file. I couldn't send it normally since it was 8 MB, so I broke it up into zips.

As for Fairuse wizard 2, here is the false positive virus claim: http://www.dvd-guides.com/component/option,com_smf/Itemid,91/action,search2
You Tell Me

puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #10 on: October 01, 2008, 02:31:13 AM »
This is what I got with VT:

File Alcohol120_retail_1.9.7.6022.exe received on 10.01.2008 02:28:05 (CET)
Result: 5/36 (13.89%)
Antivirus    Version    Last Update    Result
AhnLab-V3   2008.10.1.0   2008.09.30   -
AntiVir   7.8.1.34   2008.09.30   -
Authentium   5.1.0.4   2008.09.30   -
Avast   4.8.1195.0   2008.09.30   Win32:Tiny-WL
AVG   8.0.0.161   2008.09.30   -
BitDefender   7.2   2008.10.01   -
CAT-QuickHeal   9.50   2008.09.30   -
ClamAV   0.93.1   2008.10.01   -
DrWeb   4.44.0.09170   2008.09.30   -
eSafe   7.0.17.0   2008.09.30   -
eTrust-Vet   31.6.6119   2008.09.30   -
Ewido   4.0   2008.09.30   -
F-Prot   4.4.4.56   2008.09.30   -
F-Secure   8.0.14332.0   2008.10.01   -
Fortinet   3.113.0.0   2008.09.30   -
GData   19   2008.10.01   Win32:Tiny-WL
Ikarus   T3.1.1.34.0   2008.10.01   Virus.Win32.Tiny.WL
K7AntiVirus   7.10.478   2008.09.30   -
Kaspersky   7.0.0.125   2008.10.01   -
McAfee   5394   2008.09.30   -
Microsoft   1.4005   2008.10.01   -
NOD32   3484   2008.09.30   -
Norman   5.80.02   2008.09.30   -
Panda   9.0.0.4   2008.09.30   -
PCTools   4.4.2.0   2008.09.30   -
Prevx1   V2   2008.10.01   Worm
Rising   20.63.62.00   2008.09.28   -
SecureWeb-Gateway   6.7.6   2008.10.01   -
Sophos   4.34.0   2008.10.01   -
Sunbelt   3.1.1675.1   2008.09.27   -
Symantec   10   2008.10.01   -
TheHacker   6.3.0.9.097   2008.09.29   -
TrendMicro   8.700.0.1004   2008.09.30   -
VBA32   3.12.8.6   2008.09.30   suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot   2008.9.30.1398   2008.09.30   -
VirusBuster   4.5.11.0   2008.09.30   -
Additional information
File size: 9009024 bytes
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403fb9
timedatestamp.....: 0x476cbb7c (Sat Dec 22 07:23:40 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5aa2 0x5c00 6.44 e321260168f6f6365b377540be87fec2
.rdata 0x7000 0x1444 0x1600 5.09 4cbe08bbc7026a4b316e252f05a78951
.data 0x9000 0x1b074 0x200 1.25 ece212d94e773e09c21e94bb7f89f78c
.ndata 0x25000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x30000 0x88e800 0x88e800 8.00 a971c4953e96c59ddf5b9c0787e953f0

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=51FE1D538016F9AB77EE890DCDF528008A5071B0

puppetj

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #11 on: October 01, 2008, 02:36:12 AM »
And here is the info on Fairuse wizard 2 from VT:


File FU-Setup_LE.exe received on 10.01.2008 02:34:29 (CET)
Result: 2/36 (5.56%)
Antivirus    Version    Last Update    Result
AhnLab-V3   2008.10.1.0   2008.09.30   -
AntiVir   7.8.1.34   2008.09.30   -
Authentium   5.1.0.4   2008.09.30   -
Avast   4.8.1195.0   2008.09.30   Win32:Adware-gen
AVG   8.0.0.161   2008.09.30   -
BitDefender   7.2   2008.10.01   -
CAT-QuickHeal   9.50   2008.09.30   -
ClamAV   0.93.1   2008.10.01   -
DrWeb   4.44.0.09170   2008.09.30   -
eSafe   7.0.17.0   2008.09.30   -
eTrust-Vet   31.6.6118   2008.09.30   -
Ewido   4.0   2008.09.30   -
F-Prot   4.4.4.56   2008.09.30   -
F-Secure   8.0.14332.0   2008.10.01   -
Fortinet   3.113.0.0   2008.09.30   -
GData   19   2008.10.01   Win32:Adware-gen
Ikarus   T3.1.1.34.0   2008.10.01   -
K7AntiVirus   7.10.478   2008.09.30   -
Kaspersky   7.0.0.125   2008.10.01   -
McAfee   5395   2008.10.01   -
Microsoft   1.4005   2008.10.01   -
NOD32   3484   2008.09.30   -
Norman   5.80.02   2008.09.30   -
Panda   9.0.0.4   2008.09.30   -
PCTools   4.4.2.0   2008.09.30   -
Prevx1   V2   2008.10.01   -
Rising   20.63.62.00   2008.09.28   -
SecureWeb-Gateway   6.7.6   2008.10.01   -
Sophos   4.34.0   2008.10.01   -
Sunbelt   3.1.1675.1   2008.09.27   -
Symantec   10   2008.10.01   -
TheHacker   6.3.0.9.097   2008.09.29   -
TrendMicro   8.700.0.1004   2008.09.30   -
VBA32   3.12.8.6   2008.09.30   -
ViRobot   2008.9.30.1397   2008.09.30   -
VirusBuster   4.5.11.0   2008.09.30   -
Additional information
File size: 8214801 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40998c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x909c 0x9200 6.55 5c85f6eca8dd457c844f53af07a11be7
DATA 0xb000 0x24c 0x400 2.73 e79cf3fe610f881d632107e630eb8d98
BSS 0xc000 0xe3c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x950 0xa00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xf000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8b0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x17b84 0x17c00 4.85 2a67077ee2bbad38baa408c861979558

( 0 exports )
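
Added example (not part of any post in this thread): a short Python triage of the two VirusTotal engine tables posted above, grouping detections by signature name so that engines reporting the same name count as one cluster. The normalization token lists are assumptions of this example, and the rows are copied from the two reports with most clean engines omitted.

```python
import re
from collections import defaultdict

# Rows copied from the two engine tables above (flagged engines plus two clean
# ones each; the other clean rows are omitted to keep the sample short).
ALCOHOL_ROWS = """\
Avast   4.8.1195.0   2008.09.30   Win32:Tiny-WL
AVG   8.0.0.161   2008.09.30   -
GData   19   2008.10.01   Win32:Tiny-WL
Ikarus   T3.1.1.34.0   2008.10.01   Virus.Win32.Tiny.WL
Kaspersky   7.0.0.125   2008.10.01   -
Prevx1   V2   2008.10.01   Worm
VBA32   3.12.8.6   2008.09.30   suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
"""
FAIRUSE_ROWS = """\
Avast   4.8.1195.0   2008.09.30   Win32:Adware-gen
AVG   8.0.0.161   2008.09.30   -
GData   19   2008.10.01   Win32:Adware-gen
Kaspersky   7.0.0.125   2008.10.01   -
"""

# engine, version, last update, result: columns separated by 2+ spaces
ROW = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(\d{4}\.\d{2}\.\d{2})\s{2,}(.+?)\s*$")
# Assumed normalization lists (this example's choice, not a vendor standard).
GENERIC = {"win32", "w32", "virus", "trojan", "worm", "adware"}
HEURISTIC = {"gen", "generic", "heuristic", "heuristics", "suspected", "paranoid"}


def parse_rows(text):
    """Return [(engine, result)]; result is None for a clean '-' verdict."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            engine, _version, _updated, result = m.groups()
            rows.append((engine, None if result == "-" else result))
    return rows


def triage(rows):
    """Split detections into named clusters, heuristic flags and bare type labels."""
    clusters, heuristic, type_only = defaultdict(list), [], []
    for engine, result in rows:
        if result is None:
            continue
        tokens = re.findall(r"[a-z0-9]+", result.lower())
        if HEURISTIC & set(tokens):
            heuristic.append(engine)      # generic or heuristic verdict
        else:
            family = "-".join(t for t in tokens if t not in GENERIC)
            (clusters[family] if family else type_only).append(engine)
    return {
        "flagged": sum(r is not None for _, r in rows),
        "total": len(rows),
        "clusters": dict(clusters),
        "heuristic": heuristic,
        "type_only": type_only,
    }


if __name__ == "__main__":
    for name, text in (("Alcohol120", ALCOHOL_ROWS), ("FU-Setup_LE", FAIRUSE_ROWS)):
        print(name, triage(parse_rows(text)))
```

On the Alcohol 120% report the five hits reduce to one named signature shared by three engines, one bare type label and one heuristic flag; this shows how correlated the verdicts are, not whether the file is clean.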

CharleyO

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #12 on: October 01, 2008, 10:12:55 AM »
***

According to Prevx, Alcohol120_retail_1.9.7.6022.exe is known malware belonging to the Malware Group: I-Worm/Stration DTP

http://spywarefiles.prevx.com/RRFGHJ44147697/ALCOHOL120_RETAIL_1.9.7.6022.EXE.html

A ScanDoo/Google search finds too many bad sites associated with this version Alcohol 120.
The first image below is just a small sample of the bad results.

As for Fairuse wizard 2, I do not have the executable and therefore can not find information about it.
But, there are also too many bad sites associated with the program itself.
See the second image below. Again, this is just a small sample of the bad sites.

As for me, I would not use any program with so many bad associations. But, the computer is yours as is the choice, also.


***

misak

  • Moderator
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #13 on: October 01, 2008, 10:22:14 AM »
Thx puppetj for sending file to virus@avast.com. Retail version of Alcohol120 1.9.7.6022 is falsely detected by Avast (so Prevx1 and Ikarus). Other versions are free of false alerts. This false positive alert will be fixed in VPS 081001-0.

CharleyO

  • Guest
Re: Win32:Tiny-WL & Alcohol 120% software w/ tjr.com website?
« Reply #14 on: October 01, 2008, 10:46:08 AM »
***

Thanks for the updated info, misak.    :)


***