Avast & Deep Freeze

Hello.

What is up with the new iAVS update? Now it says that my Deep Freeze program is a trojan; specifically, it says: “Win32:Trojan-gen {Other}”. But this is not true, it’s a false alarm. I also called one of my co-workers, who said that he got the message too. Please guys, let's clarify what's going on.

Can you report the file as a false positive? (Click on the bottom right of the virus warning message.)

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password-protected zip to virus@avast.com. Please mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left-click the blue ‘a’ icon, click on the provider icon at the left and then Customize. Go to the Advanced tab and click on the Add button…
You can use wildcards like * and ?. But be careful: you should not ‘exclude’ so many files that your system is left in danger.

Can you say what the infected file name is and where it was found (C:\windows\system32\infected-file-name.xxx)?
What avast! version and virus database are you using? (see About dialog of avast!)

Neither F-Secure, AVG, Kaspersky, NOD32 nor Symantec says it's a virus, but several others do.

Antivirus          Version         Last Update  Result
a-squared          4.5.0.18        2009.06.23   -
AhnLab-V3          5.0.0.2         2009.06.23   -
AntiVir            7.9.0.193       2009.06.23   SPR/Tool.303104.3
Antiy-AVL          2.0.3.1         2009.06.23   -
Authentium         5.1.2.4         2009.06.23   -
Avast              4.8.1335.0      2009.06.22   Win32:Trojan-gen {Other}
AVG                8.5.0.339       2009.06.23   -
BitDefender        7.2             2009.06.23   Application.Generic.34154
CAT-QuickHeal      10.00           2009.06.22   Trojan.Agent.ATV
ClamAV             0.94.1          2009.06.23   -
Comodo             1397            2009.06.23   UnclassifiedMalware
DrWeb              5.0.0.12182     2009.06.23   -
eSafe              7.0.17.0        2009.06.22   -
eTrust-Vet         31.6.6573       2009.06.22   -
F-Prot             4.4.4.56        2009.06.22   -
F-Secure           8.0.14470.0     2009.06.23   -
Fortinet           3.117.0.0       2009.06.23   W32/Dx.CG!tr
GData              19              2009.06.23   Application.Generic.34154
Ikarus             T3.1.1.59.0     2009.06.23   -
Jiangmin           11.0.706        2009.06.23   -
K7AntiVirus        7.10.768        2009.06.19   -
Kaspersky          7.0.0.125       2009.06.23   -
McAfee             5654            2009.06.22   Generic.dx!cg
McAfee+Artemis     5654            2009.06.22   Generic.dx!cg
McAfee-GW-Edition  6.7.6           2009.06.23   Riskware.Tool.303104.3
Microsoft          1.4803          2009.06.23   -
NOD32              4180            2009.06.23   -
Norman             6.01.09         2009.06.22   -
nProtect           2009.1.8.0      2009.06.23   -
Panda              10.0.0.16       2009.06.23   -
PCTools            4.4.2.0         2009.06.22   -
Prevx              3.0             2009.06.23   -
Rising             21.35.12.00     2009.06.23   -
Sophos             4.42.0          2009.06.23   -
Sunbelt            3.2.1858.2      2009.06.23   -
Symantec           1.4.4.12        2009.06.23   -
TheHacker          6.3.4.3.351     2009.06.22   -
TrendMicro         8.950.0.1094    2009.06.23   -
VBA32              3.12.10.7       2009.06.23   -
ViRobot            2009.6.23.1800  2009.06.23   -
VirusBuster        4.6.5.0         2009.06.22   -

Additional information
File size: 790821 bytes
MD5 : 9f8ac0ae1708baf9cff91be6e6448706
SHA1 : 8b847dc66dcc5dd683d288fec73479bff624adc3
SHA256: 5ccc96c53fea86c1523dc707bfd04e62033e6f6c90edf040d1fcd799a16066d7
TrID : File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 12288:zY8BZLrxVe2mQhzaTbbiLng1WoSHQ1s9quT8HnaSKRTOnojvm8J:zLVe2sTbbiLgVkQiEdHajOGe8J
PEiD : -
packers (Kaspersky): ASPack, ASPack
packers (F-Prot): Aspack
RDS : NSRL Reference Data Set

I am currently using Avast 4.8.1282, the iAVS is from 08 (I converted to an older one because of the virus message in the new one). It is only recently that it says it's a trojan, btw.

The infected file is here:
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

It seems to be a riskware tool, not malware.
It probably could be used for good or for bad.
Maybe you should upgrade your avast to 4.8.1335.
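
One way to tally a multi-engine report like the one posted above before deciding whether to report a false positive. This is an added example, not code from any poster in this thread; the rows are a subset copied from the table in the thread, and the function names and keyword buckets are assumptions made for illustration.

```python
import re
from collections import Counter

# Rows copied from the scan table in this thread (a subset).
REPORT = """\
Antivirus Version Last Update Result
AntiVir 7.9.0.193 2009.06.23 SPR/Tool.303104.3
Avast 4.8.1335.0 2009.06.22 Win32:Trojan-gen {Other}
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 Application.Generic.34154
CAT-QuickHeal 10.00 2009.06.22 Trojan.Agent.ATV
Kaspersky 7.0.0.125 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 Riskware.Tool.303104.3
"""

# engine, version, YYYY.MM.DD date, then the label (which may contain spaces)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumed keyword buckets, checked in order; not any vendor's official taxonomy.
BUCKETS = [
    ("riskware/tool", ("riskware", "spr/", "application.", "tool")),
    ("trojan", ("trojan",)),
]

def parse_report(text):
    """Return {engine: label or None} for each well-formed row."""
    results = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or anything that is not a result row
        engine, _version, _date, label = m.groups()
        results[engine] = None if label == "-" else label
    return results

def classify(label):
    """Map a detection label to the first matching bucket, else 'other'."""
    low = label.lower()
    for bucket, keys in BUCKETS:
        if any(k in low for k in keys):
            return bucket
    return "other"

def summarize(results):
    """Return (detections, engines, Counter of buckets among detections)."""
    hits = [label for label in results.values() if label]
    return len(hits), len(results), Counter(classify(l) for l in hits)
```

A high share of riskware/tool style labels among the detections fits the "riskware, not malware" reading given in the thread, but it does not by itself show that the file is clean.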