False positive of Naomi filter

For sure a false positive. I’ve sent this to you a long time ago. This is an Internet filter software. Please, correct the detection. I’ve sent the file twice to you. One more than one month ago…

http://www.radiance.m6.net/

At least, the Portuguese (Brazilian) version is being detected as having Win32:Trojan-gen {Other}.

Most strange as this has been around for some time and DrWeb doesn’t find anything in the English setup file.

I hope what Maxx_original said about filtering submissions from the chest (which I already thought was happening) will get more prompt action as they are on people’s systems, especially when they are False Positives.

It would be nice if we could submit a URL to VT or Jotti for scanning instead of having to upload it.

OK I paused the web shield and downloaded setup-en.exe from the URL you gave and no detection by ashQuick.exe (all my downloads are scanned) and detection by Standard Shield. So this doesn’t seem to be a problem with the English installation file.

What is the exact file it is alerting on?

I’ll post the VirusTotal result later…

I’ve tried to download it and avast caught it again…
http: // www . radiance . m6 . net / setup-br.exe (the link for it).

File Naomi_3.2.90_Br.exe received on 10.20.2007 20:14:35 (CET)
Result: 15/32 (46.88%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AntiVir | 7.6.0.27 | 2007.10.20 | DR/Agent.ajz |
| Authentium | 4.93.8 | 2007.10.19 | is a security risk or a "backdoor" program |
| Avast | 4.7.1051.0 | 2007.10.19 | Win32:Trojan-gen {Other} |
| BitDefender | 7.2 | 2007.10.20 | Trojan.Agent.AWZ |
| eSafe | 7.0.15.0 | 2007.10.15 | Win32.Agent.ajz |
| Fortinet | 3.11.0.0 | 2007.10.19 | W32/Agent.AJZ!tr |
| F-Prot | 4.3.2.48 | 2007.10.19 | W32/Malware!bfa3 |
| F-Secure | 6.70.13030.0 | 2007.10.19 | Trojan.Win32.Agent.ajz |
| Ikarus | T3.1.1.12 | 2007.10.20 | Trojan.Win32.Agent.ajz |
| Kaspersky | 7.0.0.125 | 2007.10.20 | Trojan.Win32.Agent.ajz |
| Panda | 9.0.0.4 | 2007.10.20 | Trj/Downloader.MDW |
| Rising | 19.45.52.00 | 2007.10.20 | Trojan.Win32.Agent.ajz |
| Sophos | 4.22.0 | 2007.10.20 | Mal/Generic-A |
| VBA32 | 3.12.2.4 | 2007.10.19 | Trojan.Win32.Agent.ajz |
| VirusBuster | 4.3.26:9 | 2007.10.20 | - |
| Webwasher-Gateway | 6.6.1 | 2007.10.19 | Trojan.Agent.ajz |

Additional information
File size: 1434947 bytes
MD5: 765a23907ae8a8752618526865158e1c
SHA1: 596bfbc9390b7e2d6e24fa16b8bc4769a5ed98dc
packers: Yoda, ASPack, ASPack, ASPack, ASPack

Do not detect it as infected:

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.10.20.0 | 2007.10.19 | - |
| AVG | 7.5.0.488 | 2007.10.20 | - |
| CAT-QuickHeal | 9.00 | 2007.10.20 | - |
| ClamAV | 0.91.2 | 2007.10.20 | - |
| DrWeb | 4.44.0.09170 | 2007.10.20 | - |
| eTrust-Vet | 31.2.5225 | 2007.10.20 | - |
| Ewido | 4.0 | 2007.10.20 | - |
| FileAdvisor | 1 | 2007.10.20 | - |
| McAfee | 5145 | 2007.10.19 | - |
| Microsoft | 1.2908 | 2007.10.20 | - |
| NOD32v2 | 2604 | 2007.10.19 | - |
| Norman | 5.80.02 | 2007.10.19 | - |
| Prevx1 | V2 | 2007.10.20 | - |
| Sunbelt | 2.2.907.0 | 2007.10.20 | - |
| Symantec | 10 | 2007.10.20 | - |
| TheHacker | 6.2.9.101 | 2007.10.20 | - |
| VirusBuster | 4.3.26:9 | 2007.10.20 | - |

I’m sure it’s a false positive…

I’m sure you are right, but it seems no one likes that particular file. :-\ ???

I too would think it is an FP; however, there is most certainly something that they don’t like in that file. The strange thing is such a wide range of names, that could be a different type of trojan infection, malware, backdoor, agent, downloader, weird.

I would suggest a message to Naomi (if you haven’t already) to see if they are aware of it and if there is anything that differs from the other language versions.

The developer stopped his work due to lack of budget and financial support.
They tried to buy and make Naomi shareware. He resisted bravely.
I’ll try to find a way to say this to him.

Which makes it even more strange: if there has been no development since 2006, then nothing should have changed.

False positive not corrected (yet).

One month later and the false positive was not yet corrected. >:(

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: Naomi 3.2.90 Br.exe
FileID: 8
Virus Description: Win32:Trojan-gen {Other}

Ooh, sorry for this overlooked one… I’m quite busy in the last few weeks :-\

You must have some more good boys working with you… what about hiring more ???

Tech: we already did it, but he must get more experience first…

All language mutations of Naomi filter were added to our “clean set”. The false positive alert was found in the file naomf.exe in these setup files: setup-br.exe, setup-tr.exe.
The FP alert will be corrected in the next VPS update.

Confirmed. False positive corrected. Thanks. Better late than never.