Topic: VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« on: June 10, 2004, 11:38:07 PM »
Hi guys,

I have noticed a number of posts relating to Win32:Trojan-gen. {UPX!} warnings.

I have been having a number of them relating to one file, every time I enter a folder it kicks off - I am certain that it is a false alarm since the file it mentions has been on my system for as long as I have had avast! 6 weeks.

The file is a self-install exe file and that is what it is alarming on, and none of the program's files it installed, only the self-extracting exe.

Quote
Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Downloads\Utilities\Install PC-Encrypt.exe" file.


I'm holding off sending it off to virus @ avast.com to see what happens on the next VPS update. This has only been happening since 0424-2 on 9/6/2004.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

silburnl

  • Guest
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #1 on: June 30, 2004, 06:29:19 PM »
I'm getting the same behaviour on a self-extracting zipfile with 427-0. But checking the file against Dr Web gives a clean bill of health and none of the extracted files register as infected, just the archive.

Is this still a problem for you? Did you send a sample in to Alwil?

Regards
Luke

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #2 on: June 30, 2004, 09:14:06 PM »
No.

1. I basically ignored it, moving the file to a directory I don't scan and awaited the new VPS and program update, no problem after that.

2. Having already installed the program, I deleted the program's setup self-extracting exe file. None of the files that were extracted had any sign of infection.

3. I didn't send the file to avast.

Your problem is similar: using an unpacker to look inside the .exe file, possibly the wrong one, could give a false positive. I believe that it is the exe file extension (assuming that it's exe) that is causing it to choose the wrong unpacker.

You don't say what program created the zipfile (if known), if you created it, downloaded it, its name and full path or when and how it was detected, etc.

Those more knowledgeable will then be better able to help and avast hopefully correct.
« Last Edit: June 30, 2004, 09:16:52 PM by DavidR »

silburnl

  • Guest
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #3 on: June 30, 2004, 10:15:30 PM »
Sorry about the lack of gory details, the file in question was a self-extracting installer I downloaded last week for a demo of a game called 'Laser Squad Nemesis'.

Currently it's stored at:

C:\zzLuke_Downloads\zzMarked4Deletion\LSNinstall-FreeTrial-3-04.exe

I wasn't too worried as I've already installed the demo (which scanned clean) and, as the directory path indicates, I'm going to junk the file in my next spate of housecleaning.

It registered as infected when I ran a scan last night but I saw your comment on the board and decided to recheck it with an up-to-date virus definition (427-0) which I did this afternoon and it still registers as infected.

It weighs in at six megs though, so I didn't want to send it in to Alwil if they were already on top of things, hence my follow up to your post.

Regards
Luke

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #4 on: July 01, 2004, 12:55:58 AM »
Hi Luke,

As you say a bit large to email, that was one of the reasons I didn't send mine also.

It would appear there are still a few false positives related to the {UPX!} unpacker. The additional activity on this thread will probably bring it into the light again. Perhaps Vlk or Pavel will see it.

Since you have installed the program as I did and no viruses were found in the installed files (or the double check with Dr Web, wise to double check) I think you can be fairly certain you are clear.

If you no longer need the install file you could archive it off to CD. Or move it to a folder and exclude that folder from checks.

David

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #5 on: July 01, 2004, 09:59:36 AM »
Do you happen to have a URL where the problematic installers can be downloaded?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #6 on: July 01, 2004, 03:08:46 PM »
Hi Igor,

This is where my pc-encrypt installer came from http://www.pc-encrypt.com/_site/pce/download.mhtml

David

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #7 on: July 01, 2004, 03:16:52 PM »
It appears to be FP. Kaspersky and RAV confirmed it OK (no malware).

kareld

  • Guest
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #8 on: July 01, 2004, 04:21:14 PM »
Yes, both files are clean, it's a false alarm. It should be repaired in the next virus database update. Thank you for the notice and URL.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re:VPS 0424-2 and Win32:Trojan-gen. {UPX!} - False Alarm?
« Reply #9 on: July 01, 2004, 06:56:15 PM »
That's what I thought, thanks for the acknowledgement and info on the update fix.