Hello,
While scanning my corporate laptop with my Avast U3 scanner (updated today, Thorough scan), it marked the following files as malware:
C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\client\bin\HPOV_SP17 Start Client.exe INFECTED: Win32:Trojan-gen {Other}
C:\Program Files\Hewlett-Packard\OpenView\service desk 4.5\client\bin\sdlaunch.exe INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\HPOV_SP17 Start Client.exe INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\StartupScript HPOV_SP17.exe INFECTED: Win32:Trojan-gen {Other}
C:\WINDOWS\system32\HPOV\StartupScript HPOV_SP9.exe INFECTED: Win32:Trojan-gen {Other}
These files belong to the HP Openview ServiceDesk client tool.
Havent used this tool for months, suddenly they are marked as trojans.
Uploading a few of them to www.virustotal.com gives a result of 6/36 as marked bad:
File sdlaunch.exe received on 08.13.2008 14:40:01 (CET)
Current status: finished
Result: 6/36 (16.67%)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.13.0 2008.08.13 -
AntiVir 7.8.1.19 2008.08.13 -
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.12 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.08.13 -
BitDefender 7.2 2008.08.13 Trojan.Generic.162059
CAT-QuickHeal 9.50 2008.08.12 -
ClamAV 0.93.1 2008.08.13 -
DrWeb 4.44.0.09170 2008.08.13 -
eSafe 7.0.17.0 2008.08.12 Suspicious File
eTrust-Vet 31.6.6030 2008.08.13 -
Ewido 4.0 2008.08.13 -
F-Prot 4.4.4.56 2008.08.12 -
F-Secure 7.60.13501.0 2008.08.13 -
Fortinet 3.14.0.0 2008.08.13 -
GData 2.0.7306.1023 2008.08.13 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.08.13 -
K7AntiVirus 7.10.412 2008.08.12 -
Kaspersky 7.0.0.125 2008.08.13 -
McAfee 5359 2008.08.12 -
Microsoft 1.3807 2008.08.13 -
NOD32v2 3352 2008.08.13 -
Norman 5.80.02 2008.08.13 -
Panda 9.0.0.4 2008.08.13 Suspicious file
PCTools 4.4.2.0 2008.08.12 -
Prevx1 V2 2008.08.13 -
Rising 20.57.22.00 2008.08.13 -
Sophos 4.32.0 2008.08.13 -
Sunbelt 3.1.1542.1 2008.08.13 -
Symantec 10 2008.08.13 -
TheHacker 6.3.0.3.046 2008.08.13 -
TrendMicro 8.700.0.1004 2008.08.13 PAK_Generic.001
VBA32 3.12.8.3 2008.08.13 -
ViRobot 2008.8.13.1335 2008.08.13 -
VirusBuster 4.5.11.0 2008.08.12 -
Webwasher-Gateway 6.6.2 2008.08.13 -
Some of the files are identical to each other (exact MD5 hash) and have been send to virus@avast.com for further analysis.
Please investigate.