Author Topic: Win32:Trojan-gen{UPX!}  (Read 28622 times)


mickeyvdb

  • Guest
Win32:Trojan-gen{UPX!}
« on: June 07, 2004, 08:48:38 PM »
Hi,

After updating AVAST with the library of 07-06-2004, I receive two files which contain the Win32:Trojan-gen{UPX}! virus according to Avast.
Before the new library I didn't receive this message.
Looking in the history of the forum, I read an article which was more or less the same.
The result was that it was not a virus but false alarms.

http://forum.avast.com/index.php?board=4;action=display;threadid=1006

The files I am talking about are the singleplayermappack0304.exe and singleplayermappack0404.exe (additional files for the game Blitzkrieg).

Please help me on this issue, is the virus true or false?

Thanks in advance

Pavel Baudis

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #1 on: June 07, 2004, 10:17:11 PM »
A large bunch of Trojan-gen detections was added in this update, so it could be either a newly detected trojan or a false positive. The best way is to send the sample to virus@avast.com for analysis....

Thanks for your cooperation
Pavel

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32:Trojan-gen{UPX!}
« Reply #2 on: June 07, 2004, 10:47:53 PM »
Is virus@asw.cz still a valid mail for submissions? I sent some files to this address something like an hour ago.
Visit my webpage Angry Sheep Blog

Pavel Baudis

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #3 on: June 07, 2004, 10:52:22 PM »
Yes, it is valid as well. And I have seen your post - it is most probably an FP. We will wait till tomorrow to see if some other FPs pop up and release a new update with corrected definitions afterwards.

Thanks for your cooperation
Pavel

mrk1283

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #4 on: June 08, 2004, 01:38:39 AM »
I believe this to most definitely be a false detection.

Here is my reasoning:

I posted a thread for a help tool here and a user reported that a Trojan was contained in rockXP.exe - baffled by this, since I use AVAST and Trend online, I took it for a false positive and thought nothing of it.

Moments ago AVAST updated itself and reported several files in My docs backups folder had the same Trojan as mentioned above. These files were self-extracting archives which I made using WinRAR, so I extracted the contents and scanned the contents separately from the self-extracting archive. The contents were clean every time but the SFX archive exe file was reported to have the Trojan. So I re-compressed the contents to .rar format, not .exe, and no more problems.

Now, confused by this, I scanned the WinRAR installer, as it is a self-extracting installer too, and the file Default.SFX was reported to be the Trojan (as mentioned above). WinRAR was downloaded fresh from RARLAB too, so it could not have been infected locally by any chance.

If that's not enough, then the NERO uninstaller also had the same alert - again, a self-extracting uninstaller.

It seems that any file which has the default.sfx or anything similar is reported to have this Trojan, which makes more and more sense that this is in fact a false detection, is it not?

Finally I extracted RockXP.exe and scanned each file, all clean; the contained self-extracting rockXP.exe obviously was created using WinRAR or something, as it gave the same results as above.

Hopefully this issue will be fixed in the next update!
« Last Edit: June 08, 2004, 01:45:43 AM by mrk1283 »
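
The triage in the post above (clean contents, flagged SFX wrapper, so the shared stub is what the signature matches) can also be checked structurally. The following is an added example, not part of the original thread or of any avast! tooling: it lists a PE file's sections, flags UPX-style section names, and reports whether a RAR archive is appended after the image. That the WinRAR stub is UPX-packed is an assumption drawn from the {UPX!} detection name, and `build_sample` produces constructed test input only.

```python
import struct

RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of RAR 4.x and 5.x archive signatures

def triage_pe(data: bytes) -> dict:
    """List PE sections, flag UPX-style names, and inspect data appended after the image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                        # first section header
    names, image_end = [], 0
    for i in range(num_sections):
        entry = table + 40 * i
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        image_end = max(image_end, raw_ptr + raw_size)    # end of last section on disk
    overlay = data[image_end:]                            # bytes the loader never maps
    return {
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "overlay_offset": image_end if overlay else None,
        "overlay_is_rar": overlay.startswith(RAR_MAGIC),
    }

def build_sample(section_names, overlay=b""):
    """Constructed test input: a minimal PE layout, not a runnable program."""
    pe_off, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    first_raw = pe_off + 24 + opt_size + 40 * len(section_names)
    table = body = b""
    for name in section_names:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", 0x200, 0x1000, 0x200, first_raw + len(body)) + b"\0" * 16
        body += b"\xCC" * 0x200
    return dos + coff + b"\0" * opt_size + table + body + overlay

if __name__ == "__main__":
    sfx = build_sample(["UPX0", "UPX1", ".rsrc"], RAR_MAGIC + b"\x00constructed payload")
    print(triage_pe(sfx))                                  # packed stub + RAR overlay
    print(triage_pe(build_sample([".text", ".data"])))     # plain executable, no overlay
```

When several unrelated files all report UPX sections plus a RAR overlay, the common element is the stub rather than the archived contents, which matches what scanning the extracted files separately shows.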

nwadel

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #5 on: June 08, 2004, 04:14:25 AM »
I have a similar situation. During a scan for malware, avast found the Win32: trojan-gen. I deleted the file that was infected.
It never found this trojan before. Very strange. ???

simonk83

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #6 on: June 08, 2004, 04:40:43 AM »
3 of my .exe files are getting this alert as well. I know it's a false positive as I have tested the files with 2 online scanners and a couple of free scanners, nothing. The sooner this is fixed the better, as I have had to remove Avast temporarily as I couldn't take the constant sirens going off :D

Simon

JEfromCanada

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #7 on: June 08, 2004, 04:55:36 AM »
I believe this to most definitely be a false detection.

I'm also getting RockXP 3.0 reported as a trojan.  I'm sure it's a false positive, as this was directly downloaded from MajorGeek and has passed all previous virus/spyware scans.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Win32:Trojan-gen{UPX!}
« Reply #8 on: June 08, 2004, 05:08:42 AM »
For me  >:( >:(, false positives of Win32:Trojan-gen{UPX!} in the files:

C:\Program files\themexp\Themexp.org File\53793.zip\+§ ã·¦§\Windows MAX Unleashed v1.5.exe [L] Win32:Trojan-gen. {UPX!}

And AutoIt scripts that I myself wrote (Pavel, I sent some of these files before)  >:(

D:\...\AutoIt\Dial-up.exe\[UPX] [L] Win32:Trojan-gen. {VC}
D:\...\AutoIt\Speed Disk at Startup.exe\[UPX] [L] Win32:Trojan-gen. {VC}
D:\...\AutoIt\Atualizar Anti-Vírus.exe\[UPX] [L] Win32:Trojan-gen. {VC}

I hate false positives, they make me lose a lot of time  :'(  :'(
« Last Edit: June 08, 2004, 05:09:33 AM by Technical »
The best things in life are free.

cjtc

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #9 on: June 08, 2004, 05:20:05 AM »
Yup. I'm getting it with default.sfx which is contained within the WinRAR distribution. Yet it checks out OK with TrojanHunter, TDS-3, Tauscan and Trend Micro HouseCall.

I believe this also to be a false positive. File has been sent to Alwil for inspection.
 

NAMOR

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #10 on: June 08, 2004, 05:28:04 AM »
Quote
Yup. I'm getting it with default.sfx which is contained within the WinRAR distribution. Yet it checks out OK with TrojanHunter, TDS-3, Tauscan and Trend Micro HouseCall.

I believe this also to be a false positive. File has been sent to Alwil for inspection.


Same here, did full scan with TrojanHunter and DrWeb..... Nothing.

nwadel

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #11 on: June 08, 2004, 05:39:01 AM »
Avast just went off again on another Win32:Trojan-gen. I clicked on Delete file and the window went away. I went into the virus chest and there is nothing listed. I also went into the log viewer and nothing is listed there. How do I know it was deleted? Is this a false pos. or is it really a Trojan? This is irritating, maybe I'll try online scans to see if it comes up with anything.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32:Trojan-gen{UPX!}
« Reply #12 on: June 08, 2004, 06:46:27 AM »
Pavel, what about my thread here? Is it most likely an FP too?
"People who are really serious about software should make their own hardware." - Alan Kay

Kobra

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #13 on: June 08, 2004, 07:59:11 AM »
I'm ecstatic you added more trojan definitions! I can deal with a couple of false positives here and there, and once we work past these few, everything should be rosy..

Keep up the good work.

mickeyvdb

  • Guest
Re:Win32:Trojan-gen{UPX!}
« Reply #14 on: June 08, 2004, 07:23:59 PM »
Hi,

Just updated the library with 0424-1 and restored my files which were in the virus chest.
This time there was no detection of Win32:Trojan-gen{UPX!}.
I don't know what you did, but somehow you found the solution.

Thanks a lot,

This is one of the reasons why I am using Avast  ;)