Difficult to say… GData is the same detection as avast (it uses the avast engine/definitions).
I bet on a false positive, but can you post the file name and path? Has this file been on your computer for a long time, or is it new?
One person ran this file on my PC without asking me, to prepare a bootable floppy.
The file is HDD Sector Scan 3.0 utility (old Floppy Version) from SalvationDATA Technology Inc.
The file name is hsr3.0floppysetup.exe. It's an SFX RAR archive. I am worried that it could be infected.
I checked the Event Viewer tasks and found this there:
System → Source: Windows File Protection
Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 2008.09.17.
Time: 9:59:49
User: N/A
Computer: UserName
Description:
File replacement was attempted on the protected system file setup.exe. This
file was restored to the original version to maintain system stability. The
file version of the system file is 5.1.2600.5512.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
If the Event Viewer info is correct, there was an attempt to replace setup.exe, made at the same time this application was launched.
I also ran HijackThis and compared the log with an old log I have (from 3 months back). Three new keys appear; is this something legitimate?
I get zero hits on the CLSID {14148331-078A-44D1-8E7D-14F7C7BBAC8C} on Google, which is a little strange but not unusual.
The IP 192.168.4.1, if I'm not mistaken, is a local network IP, or possibly how you connect to/configure your router. Sorry, I don't use a router or network, so I can't be a lot of practical help.
Do you have a network and/or router?
You could try to enter the 192.168.4.1 address into your browser and see if that does in fact load your router configuration.
If hsr3.0floppysetup.exe is the file you sent to VirusTotal, then yes, it is a possibility and the file should be sent to avast for further analysis, see below.
None of the VT detections are by specific virus signature; they are generic/heuristic, which are more prone to FPs.
But you would also have to ask what it is doing there; based on some of the Google hits about it, some others think it is at the very least suspicious.
I asked the program manufacturer, and they believe that the file has been infected by a virus and that it's not a problem with their original program. I have asked them for the MD5 checksum of this file, if possible, to compare the original with my file.