First I would like to apologize for crossposting. My first post was in the wrong place. :-[
A couple of days ago Avast found Sign of "Win32:Trojan-gen in “ech.exe”. I believe I uploaded the file to Avast using the program. I have just updated iAVS, but Avast still find the program to be infected. At VirusTotal only Avast and Gdata found this.
My pc is a Packard Bell and the “Infected” program is from NEC Computers. As far as I know it has been there from day one.
Here is info from VirusTotal:
[i]File size: 40960 bytes
MD5…: 83f1a4de90182e630beb24ba5b618df2
SHA1…: 4982b1442a42104ab7e46858266c6b5687da487b
SHA256: 8a4b1b76261135b64f82d79b6d3d99c098fc76890f12a1f6a5d73cbd558466a8
ssdeep: 384:zcLGTDyFqVKkylHaY4fSbc8nE0Oc1sQyqli7roxIjWLrDssbCsDduvBIyFit
2Az4:zYGTDyFqV494qAfGCMQyl
PEiD…: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x14d0
timedatestamp…: 0x3f02a255 (Wed Jul 02 09:13:57 2003)
machinetype…: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6c60 0x7000 5.54 e3f00e84db702c83c75034bc64e17044
.data 0x8000 0xce8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x9000 0x8e8 0x1000 1.97 e2c015a46fd6b1449f617c3f487fa1c4
( 1 imports )
MSVBVM60.DLL: __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaStrErrVarCopy, _adj_fprem1, __vbaStrCat, -, __vbaSetSystemError, -, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaVarCmpGe, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVarNull, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaObjVar, DllFunctionCall, __vbaVarOr, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaVarMul, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaStrVarVal, -, -, _CIlog, __vbaErrorOverflow, __vbaInStr, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaVarCmpLt, _adj_fdivr_m32, __vbaR8Var, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaVarCmpEq, -, __vbaLateMemCall, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, -, __vbaVarLateMemCallLd, __vbaVarTstGe, __vbaVarCopy, _CIatan, __vbaStrMove, -, _allmul, -, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr
( 0 exports )
RDS…: NSRL Reference Data Set
trid…: Win32 Executable Microsoft Visual Basic 6 (91.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
sigcheck:
publisher…: NEC Computers International
copyright…: n/a
product…: ech
description…: n/a
original name: ech.exe
internal name: ech
file version.: 1.03.0001
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned[/i]
I hope this will be white listed soon.
Thank you for a great program. Keep up the good work.
JR