Avast detects Win32:Gendal-AG [Trj] - how can I find out more about this?

I went to the website www.faceonbody.com and tried to download the trial version of a program FaceOnBody. Avast popped up a warning that "A trojan horse was found! and identified the file as:
File Name: http://www.faceonbody.com/download/FOB_Install_FB001.exe
Malware name: Win32:Gendal-AG [trj]
Malware type: Trojan Horse
VPS Version: 080411-0, 04/11/2008

I tried to search the avast virus reference but could not find this malware listed. I also did a Google search and only found a few non-English sites that appeared to refer back to Avast. So is this a real virus? A false positive? In general, when Avast identifies a file as malware and identifies the type of malware by name, shouldn’t it be listed in the Avast virus reference? Or cross-referenced somehow to a more common virus name as identified by other AV products?

Thanks in advance.

Yea i get the warning too when im trying to downlaod the program.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

You will need to Pause the Web Shield to be able to download it (enable after downloading) and the Standard Shield will no doubt have a whinge too, select no action.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to copy/move any file this folder and upload it to VirusTotal without avast alerting.

After the VT scan and only avast detects it:
If it is indeed a false positive, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t there already)where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Thanks for the suggestion. I will download and then upload the file to Avast later. But, as much as I am concerned about a potential false positive, I am also concerned that Avast has notified me of a potential malware, but when I search the Avast virus reference, I get no results. What does the Win32:Gendal-AG malware do? Does it have another name or related malware? It seems to me that if Avast notifies me of a virus, shouldn’t Avast provide me with an explanation as to what this virus is?

Personally I never go looking for malware name as there is no standardisation on naming malware so it can differ from AV to AV. You are more likely to find information on the file name being associated with malware. However in this case being an installation file that is unlikely.

Searching for a malware family name rather than a variant is likely to return more information but there being multiple variants it isn’t going to be specific. See http://www.google.com/search?q=Win32%3AGendal, you can probably see why I don’t go looking.

It’s a file executable (.exe) infector.