bogent

Hi

My Avast is updated, and my problem is about a trainer for a video game.

When I download a trainer and scan it, Avast says: NOT THREAT FOUND, and I upload the trainer to my site. But when I want to download this file from my site, Avast gives me an alert and says: WIN32.BOGENT found, and blocks the download address. When I download this file and scan it again, Avast says: NOT THREAT FOUND.

What’s the problem?

One of the trainers: http://www.restfile.net/sjuz0ojc8b55/I.AM.ALIVE.PLUS7TRN.LINGON.ZIP.html - to download, click on GET LINK at the bottom of the page.

upload file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before click rescan)
post scan link here for us to see

alternative test
jotti.org
metascan-online.com

ok tested one file …

22/42
https://www.virustotal.com/file/791126ea4b73d8426d6e827872cdbb43bf54b7b1242a539e5f1e8f8ce71acb47/analysis/1346927871/
http://virusscan.jotti.org/en/scanresult/407c355d4014c54061cbc7045c8cc2efaf34e8c7

avast detects it as PUP - not a virus - Possible Unwanted Program http://searchsecurity.techtarget.com/definition/PUP
Malwarebytes detects it as - VirTool.Obfuscator

don't think i want this in my comp :wink:

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=e0f54caac36f4dda13268501b037f26d

Norman sandbox file info

[ DetectionInfo ]
* Filename: C:\analyzer\scan\IAAlive+7Tr-LNG.exe.
* Sandbox name: NO_MALWARE
* Signature name: W32/Troj_Generic.DVHLP.
* Compressed: NO.
* TLS hooks: YES.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* Anti debug/emulation code present.
* Display message box (sample.exe) : A debugger has been found running in your system.Please, unload it from memory and restart .
* File length: 2086912 bytes.
* MD5 hash: e0f54caac36f4dda13268501b037f26d.
* SHA1 hash: cebf7a715a0eae3fbac642f8adcf5b4189047d72.

https://www.virustotal.com/file/791126ea4b73d8426d6e827872cdbb43bf54b7b1242a539e5f1e8f8ce71acb47/analysis/

So, you think it’s not a dangerous program or bad software and not a problem, right?

no, i would not trust that

So, what can I do now?

do … ??? don't download it, forget it … but it is your computer so you do as you want

The more so as I get this threat description from the MS Virus Encyclopedia:

VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

These obfuscation techniques are used on various kinds of malware. The malware that lies “underneath” may have virtually any purpose.


And as we follow the Threat Expert analysis given in an earlier posting in this thread, we find “Packed.Vmpbad!gen4”:
“Packed.Vmpbad!gen4 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software. This heuristic detection is used to detect threats associated with multiple threat families.”
Quote taken from Symantec Security Response, low risk level,
but
“files that are detected as Packed.Vmpbad!gen4 are considered malicious”
(same quote source, Symantec Security Response technical details).
I would therefore classify this rather as riskware than as a possible unwanted program.

polonus