Aliens vs Predator 2 False Positive

I can’t play the game; avast shows this: “Win32:Malware-gen” in “lithtech.exe” Client MFC Application

File:
http://www.megaupload.com/?d=WTNB7A00

Can you submit that file to www.virustotal.com ?
Also, can you report it to avast and say that you think it’s a false positive?

VirusTotal 14/42 - P2P-Worm.Win32.Bacteraloh.cv
http://www.virustotal.com/analisis/599795e648481fa0009adbb453708ada57b4c20a9ea0b727b3991c2f1600e0c6-1267874122

Martinss, do you still think it’s a false positive??? :slight_smile:

I may be wrong. How do I fix this? Using another AV product, or waiting? :slight_smile:

Looks like you downloaded AVP 2 from P2P instead of buying it.

Warez = malware

or waiting?
waiting for what ?

latest upload, no avast detection… ???..so is it a FP or not…

VirusTotal 11/42
http://www.virustotal.com/analisis/599795e648481fa0009adbb453708ada57b4c20a9ea0b727b3991c2f1600e0c6-1267892065

The difference being two different update dates: one for 100305 with avast detections, the second with an update date of 100306 and no avast detection.

So presumably a VPS Update has corrected this detection under win32:Malware-gen.

So if Martinss gets the latest avast virus definitions update he should be OK.

@ Pondus,
You could try uploading it for a more detailed file analysis at http://anubis.iseclab.org/?action=home or http://camas.comodo.com/cgi-bin/submit; they both produce a more detailed analysis than VT.

Maybe tomorrow David, I am on 3G now and the upload speed is slower than......that strange thing you have... ::)....what is the name... ???....." DialUp "...... ;D

3G is theoretically X times faster than dial-up ;D

If mobile service prices weren’t so high and download/upload limits so pathetic I would have bought a 3G dongle for my system ages ago and used that rather than the telephone line :frowning:

Hi

I re-sent this file to VT and got these results.

Virustotal: http://www.virustotal.com/sl/analisis/599795e648481fa0009adbb453708ada57b4c20a9ea0b727b3991c2f1600e0c6-1268740254

Should I send this file for analysis?

Have a nice day. :slight_smile:

I would send it to either of those two links I gave for a more detailed analysis back in Reply #8 (that way you get an almost immediate idea if it is malicious). But it wouldn’t hurt to send it to avast for analysis.

comodo
http://camas.comodo.com/cgi-bin/submit?file=599795e648481fa0009adbb453708ada57b4c20a9ea0b727b3991c2f1600e0c6

Anubis
http://anubis.iseclab.org/?action=result&task_id=1c9be7a1291a30c04411d90d0106317dc

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=993324cfbb0dbdbfc411e2e796a1be37

Confirmed from Norman, not FP …W32/Bactera.B

Hi JuninhoSlo,

W32.Bactera is a worm that attempts to spread through file sharing networks
Description details here: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BACTERA.I&VSect=T
Removal instructions: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BACTERA.I&VSect=Sn
write-up by Symantec: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BACTERA.I&VSect=Sn

It could also be a variant of the file infector Virut,

polonus