AVAST-Message: Worm MOTA113.exe

I got that Virus-Warning about “MOTA113.exe”
Avast says it’s in C:\WINDOWS but if I go there
it’s not there. I ordered AVAST to ERASE - but
obviously it’s not erased as it appears again and again.
How can I find & get rid of that MOTA113.exe ???
fog54@gmx.net (Vienna)

I just came here to report this as a possible false positive detection. Do you have SUPER installed?

This was previously reported HERE several months ago.

I sent the file to Avast for further evaluation a few minutes ago.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

Thanks for submitting the sample. This is a false positive alert and will be fixed in VPS 080714-0

Thank you, after updating it is no longer detected.

Why does avast recently have lots of false positives? I hope they can resolve these issues soon.

It is not too dissimilar to the heuristics that I believe you have been asking for, the use of generic signatures indicated by the -gen at the end of the malware name.

They are trying to detect multiple variants of a type of malware with the one signature, quite tricky not unlike heuristics, it is difficult to get the balance right.

Thank you, Tech. I did submit the file to VT first and it came back 9/33 as suspicious and Telock, so basically inconclusive.

Personally, I would rather deal with a few F/P’s than no detection at all. Once something is detected I can chest it while I investigate further.

It’s really annoying to have lots of false positives.

We’re adding detections for thousands of samples per day. So I mean the number of false positives is relatively low when compared to the amount of newly detected malware. It’s quite difficult to exclude programs which look similar to malware (open many Internet connections, use unusual protection, …). Of course, the critical falses are not only annoying, but they could be harmful. Anyway - the decision is on the user. “To delete or not to delete” is the point of the confusion of our users. We’re doing the best to protect system files from being deleted even when they are infected. Other false positives are just annoying, we know it and as you can see, we’re trying to fix them quickly. And each badly detected file is added to our cleanset after doing the analysis. This prevents the detection of the same file (or file version) next time.

Ah -the balance
some programs like ad-aware have few false positives
but little detection either
at least on new threats
if you are concerned about first day detections
AND
you frequent hazardous to your health websites: crack, warez, torrents, porn etc
and
love to open unknown attachments
and
just must download the latest cutesy screen saver or Codec
then you need to be running on a virtual machine or be using some kind of Process Guard technology
and consider your system disposable
no antivirus program will keep you certifiably safe under those conditions

Thanks for the effort misak, we really appreciate the protection.

I have today gotten a message about MOTA113.EXE also.

It was during a scan with Ad-Aware Anniversary Edition it was found in the Windows folder, it was ID’ed as Win32:Trojan-Gen
I was not allowed to quarantine or delete the file.
I chose to scan with Avast when booting the computer, it also found it and said it was infected with Win32:Trojan-Gen
I simply chose to delete the file, since Avast also ID’ed it to be infected.

Then I will see if this file turns up again.

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

Whilst it may not be a problem in this case (see below), it isn’t a good habit to get into, it could well bite you in the rear in the future.

What is the infected file name/s for the win32:trojan-gen detections, where was/were it/they found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

I honestly don’t feel that adaware in any incarnation is a particularly good anti-spyware application, there are many better (SAS and MBAM), but this adaware AE version (reminds me of the WinME version and we know just how good that was) and that comes with an AV and it isn’t good to have two resident AVs.

I haven’t used adaware for a couple of years and it didn’t have an AV then, but some AVs load their signatures into memory to speed scans and it could be that avast is detecting that.

Dear Avast Forum Users,

Today I too received the report of the MOTA113.exe infection and the SUPER infection as mentioned earlier in this thread. Did a boot time scan and the details are as follows:

02/22/2009 12:54
Scan of all local drives

File C:\Program Files\eRightSoft\SUPER\spk\Movawin.spk[tElock][PECompact][Embedded_I#15e7bc][tElock] is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\MOTA113.exe[tElock] is infected by Win32:Trojan-gen {Other}

I scanned my system with:

  • Blacklight anti-rootkit - no infections or other items found
  • MBAM - no infections or other items found
  • Spybot - no infections or other items found
  • Rootalyzer - no infections or other items found
  • ZA Anti-Spyware - no infections or other items found
  • SuperantiSpyware - no infections or other items found
  • Hijackthis Log submitted to http://www.hijackthis.de/ - no items marked as dangerous

I believe these two items are false positives.

I managed to submit the SUPER file (Movawin.spk) to virustotal and jotti.org and only Avast and one other recognised an infection. Although it said the other virus scanner was only a heuristic detection.

I tried to submit the MOTA113.exe file to both but Avast went mental with the warning things and I clicked ‘no action’ which subsequently resulted in Avast preventing me from uploading them.

In an ironic way I am glad that others have got this message - as it strengthens the possibility that it will be a false positive. Purely for the reason that if everyone reports the same infection at the same time!!

Hope this will be a false positive and hope it will be corrected in the next VPS.

Avastfan1
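A triage helper for the boot-time scan report lines quoted in the post above, added here as an example and not part of the original thread or of any avast tool. It splits each line into path, unpacker layers and detection name, flags generic (`-gen`) names, and lists the layers common to every generic hit; the line format is inferred from the two quoted lines only, and all function names are hypothetical.

```python
import re

# Constructed sample: the two report lines quoted in the post above.
SAMPLE_REPORT = r"""
File C:\Program Files\eRightSoft\SUPER\spk\Movawin.spk[tElock][PECompact][Embedded_I#15e7bc][tElock] is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\MOTA113.exe[tElock] is infected by Win32:Trojan-gen {Other}
"""

# "File <target> is infected by <name> {<kind>}" (format assumed from the sample)
LINE_RE = re.compile(
    r"^File (?P<target>.+?) is infected by (?P<name>\S+)(?: \{(?P<kind>[^}]*)\})?\s*$"
)
# Run of [layer] tags at the very end of the target (packers / embedded objects)
TRAILING_LAYERS_RE = re.compile(r"(?:\[[^\[\]]+\])+$")
LAYER_RE = re.compile(r"\[([^\[\]]+)\]")


def parse_report(text):
    """Return one dict per detection line; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        tail = TRAILING_LAYERS_RE.search(target)
        findings.append({
            # Brackets inside the file name itself (foo[1].exe) stay in the path
            "path": target[: tail.start()] if tail else target,
            "layers": LAYER_RE.findall(tail.group(0)) if tail else [],
            "detection": m.group("name"),
            "kind": m.group("kind"),
            # Generic signatures carry a -gen suffix, as noted earlier in the thread
            "generic": m.group("name").lower().endswith("-gen"),
        })
    return findings


def shared_layers(findings):
    """Layers present in every generic finding (needs at least two findings)."""
    generic = [f for f in findings if f["generic"]]
    if len(generic) < 2:
        return []
    common = set(generic[0]["layers"])
    for f in generic[1:]:
        common &= set(f["layers"])
    return sorted(common)


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for f in results:
        print(f["path"], f["layers"], f["detection"], "generic" if f["generic"] else "")
    print("shared by all generic hits:", shared_layers(results))
```

A layer shared by every generic hit (here the packer tag) is a reason to check the files with a second opinion before deleting them; it does not by itself show that the detection is a false positive.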

Aren’t you asking twice the same? Haven’t you opened another thread with the same problem? ???

Hi Tech,

No, this is the first post I have made on this topic. This issue only started for me a few days ago.

Thanks,

Avastfan1

Sorry.
You can search the board for MOTA113.exe and you’ll find more info.

Hi Tech,

Thanks for the response. I searched this forum for MOTA113.exe as you suggested. The only thread it returned was this one.

I’m a little unsure how I should proceed on this issue :(

Yours sincerely,

Avastfan1