Did I catch a false positive?

For several months now I have had a small program on my system which I use to learn pronunciation of Chinese tones (PinYin).

Today avast picked up the file I downloaded from http://www.eztechinc.com/product_list.php?id=4, claiming it has Win32:Trojan-gen {UPX!}.

Previous versions of avast did not bark on this file. But the latest Beta version 4.7.881 (running on XP.Pro.SP2) with up to date 0636-3 VPS does. The file has been sitting on my hard drive for several months and until today avast never picked it up during a full scan.

When trying to re-download the file, avast resets the connection to the server and claims the very same trojan is in the file.

It appears I cannot send the file to avast for testing from the virus chest: “The following file cannot be sent by email: npinyin.exe (FileID: 5). The file is bigger than the limit: 1024 kB”

It is possible that updates to the VPS and especially the -gen (generic) signatures might detect something on your system that wasn’t detected before. You need to confirm if the detection was correct.

You can check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner, or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and scan it periodically using the ashQuick scan (right click scan; it will need to be temporarily removed from the standard shield exclusions, otherwise it won’t be scanned). When it is no longer detected, you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

Thanks for your kind recommendations. I’ll start with Windows Live online virus scanner …

Site seems ok…

Dr.Web (R) daemon for Linux v4.33 (4.33.0.09211) Copyright © Igor Daniloff, 1992-2005 Last update time: 2006-09-10,19:28:44 File size: 37450 bytes

product_list.php?id=4 - archive HTML

product_list.php?id=4/JavaScript.0 - OK
product_list.php?id=4/JavaScript.1 - OK
product_list.php?id=4/JavaScript.2 - OK
product_list.php?id=4/JavaScript.3 - OK
product_list.php?id=4 - OK

I give up on trying to submit the file to Virus Total… it’s very slow just to have the possibility to access the service nowadays.
On-line scanners are ‘loaded’ and ‘flooded’… :P

You can make this limit higher… Chest settings of avast.

Thanks, Tech.

Neither Windows Defender nor Windows Live AV scanner report the file as infected.

The blue text in my post are links to multi-engine scanners (27 in the case of VirusTotal), better than any single scan for confirmation one way or another.