I ran a scan with Avast! Home 4.8.1229. It detected what it identified as a Win32:Spyware-gen [trj] Trojan Horse, IS_NSM.ex, in an installer file “Install NUDC-W 4.5.2.exe”.
I have had this installer file for many years, and it has been scanned by many virus/malware scanners and this is the first time any scanner has identified it as containing a trojan.
The installer package is available from http://www.siteadvisor.com/sites/nowsoftware.com/downloads/10823856/ and that site declares that the package was scanned by McAfee SiteAdvisor and is safe: “In our tests, this download was free of adware, spyware and other potentially unwanted programs”. It says that IS_NSM.ex is a file system modification done by the installer:
ADD c:\WINDOWS\Temp\Install NUDC-W 4.5.2_IS_NSM.ex_
So, it seems that this is a false positive by Avast.
I’m assuming the Avast detection was win32:trojan-gen?
If so, that too is a generic signature and, like those heuristic (suspicious) or .gen detections in VT, is more prone to FP.
Avast reported it as:
Win32:Spyware-gen [trj]
Trojan Horse
I’ve done as you suggested: I e-mailed virus@avast.com telling them about the false positive and providing them a link to download the zipped installer archive.
Yes, the -gen at the end of the malware name indicates a generic signature; it is trying to catch multiple variants of the same type of malware, and is a fine balance between detecting a new variant and detecting something valid as infected.