FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files

Avast Free Antivirus / Premium Security
1

Avast! Antivirus reports a False Positive alarm (It says Win32:Bifrose-AGY [Trj]) with files created by Multimedia Builder 4.9.7, which are compressed with the UPX packer.
The definitions are the latest: 1.9.2007 - 0771-0

The problem was also reported by the software house of MMB:
http://mmb.mediachance.com/virus.htm

I hope this false positive alarm will be fixed as soon as possible…

2

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

3

I’ve already sent a mail to virus@avast.com
However this is the scan with Online malware scan of an exe file created with MMB:

Scan taken on 02 Sep 2007 12:22:49 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Bifrose-AGY
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

4

They are usually quick to correct these after submission of the sample.

In the meantime you can exclude the file form scans.

Welcome to the forums.

5

Here another scan report:

File FalsePositive.exe ricevuto il 2007.09.02 14:18:32 (CET)

[tr][td]Antivirus[/td][td]Version[/td][td]Last Update[/td][td]Result[/td][/tr]
[tr][td]AhnLab-V3[/td][td]2007.9.1.0[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]AntiVir[/td][td]7.4.1.66[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]Authentium[/td][td]4.93.8[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Avast[/td][td]4.7.1029.0[/td][td]2007.09.01[/td][td]Win32:Bifrose-AGY[/td][/tr]
[tr][td]AVG[/td][td]7.5.0.484[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]BitDefender[/td][td]7.2[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]CAT-QuickHeal[/td][td]9.00[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]ClamAV[/td][td]0.91.2[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]DrWeb[/td][td]4.33[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]eSafe[/td][td]7.0.15.0[/td][td]2007.09.02[/td][td]suspicious Trojan/Worm[/td][/tr]
[tr][td]eTrust-Vet[/td][td]31.1.5100[/td][td]2007.08.31[/td][td]-[/td][/tr]
[tr][td]Ewido[/td][td]4.0[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]FileAdvisor[/td][td]1[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Fortinet[/td][td]3.11.0.0[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]F-Prot[/td][td]4.3.2.48[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]F-Secure[/td][td]6.70.13030.0[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Ikarus[/td][td]T3.1.1.12[/td][td]2007.09.02[/td][td]Virus.Win32.Bifrose.AGY[/td][/tr]
[tr][td]Kaspersky[/td][td]4.0.2.24[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]McAfee[/td][td]5110[/td][td]2007.08.31[/td][td]-[/td][/tr]
[tr][td]Microsoft[/td][td]1.2803[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]NOD32v2[/td][td]2497[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]Norman[/td][td]5.80.02[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Panda[/td][td]9.0.0.4[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]Prevx1[/td][td]V2[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Rising[/td][td]19.38.62.00[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Sophos[/td][td]4.21.0[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Sunbelt[/td][td]2.2.907.0[/td][td]2007.08.31[/td][td]-[/td][/tr]
[tr][td]Symantec[/td][td]10[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]TheHacker[/td][td]6.1.9.175[/td][td]2007.08.31[/td][td]-[/td][/tr]
[tr][td]VBA32[/td][td]3.12.2.3[/td][td]2007.09.01[/td][td]-[/td][/tr]
[tr][td]VirusBuster[/td][td]4.3.26:9[/td][td]2007.09.02[/td][td]-[/td][/tr]
[tr][td]Webwasher-Gateway[/td][td]6.0.1[/td][td]2007.09.01[/td][td]Win32.ModifiedUPX.gen!90 (suspicious)[/td][/tr]

6

The second one I assume is VirusTotal, which is the better of the two as it uses the windows version of avast and includes more packers.

However it still may be an FP as two detections are suspicious, and could be down to heuristics, so I think it was still wise to submit the sample as you did.

7

WOW! Very quick! Thanks a lot!

Scan taken on 03 Sep 2007 10:10:33 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

8

As I said they are generally very quick to correct an FP after analysis.

Thanks for the feed back, glad that the problem is resolved.