I just received an alert when starting Visual Studio v6 that DEVBIED.PKG was infected with Win32:Malware-gen. Another virus scanner is not reporting this file as infected. Can anyone confirm whether the report is valid or a FP? Thanks.
"Another virus scanner is not reporting this file as infected." Does this mean that you have two AVs installed?
Upload the file (max 20 MB) to www.virustotal.com and check it with 43 scanners. When you have the result, copy the URL in the address bar and post it here.
The other virus checker is MBAM. I’ll do the upload and check and let you know the results. Thanks.
OK, here’s the link to the Virustotal results:
The majority say it’s not infected. What’s your opinion? Thanks.
And MBAM was updated when you did the scan?
Well, I am guessing false positive with only 2 hits (GData is using the avast and Bitdefender virus engines).
Send the file to virus@avast.com in a password-protected zip file, and write "Possible False positive" in the about field and the password in the mail so they can open it.
You can also upload the file to Avira; they will give you the analysis result in a mail within 48 hours. avast does usually not answer the virus mail…
http://analysis.avira.com/samples/index.php
I’ll do that, but my immediate problem is that VS now won’t start. Avast has somehow altered the file as restored from the chest (the file date now shows as today) so now VS can’t load it.
Well, it may very well have been infected!
I restored the file from the chest on the assumption it was an FP. But, Visual Studio failed to load that file and returned an error. The only noticeable issue I could see is that for some reason Avast restored the file with today’s date instead of its original date.
So I restored the file from the original installation CD and Visual Studio started ok again. But, I noticed that Avast didn’t alert me on the file this time.
I resubmitted the file restored from the CD to virustotal and now none of the scanners found anything:
The quarantined file is still in the chest. Do you want a copy?
The second set of VT results is for a different file as the MD5 hashes are different.
Norman will add detection for the first sample, detected on VT
DEVBIED.PKG : Processed - Suspicious.AM
This is a low-risk item and that was the reason I named it as suspicious…
The detection was added but it made an FP so the detection is removed…
And Avira says clean:
File ID     Filename       Size(Byte)   Result
25882080    DEVBIED.PKG    72.05 KB     CLEAN