False positive, Win32:Malware-gen, MsgBox.exe 2.1

Viruses and worms
1

MsgBox.exe 2.1
Win32:Malware-gen

I first got this false positive about a week ago. I’ve submitted it to avast!, but so far, it’s still detected. Of course I’ve excluded it, but I fail to understand why this FP isn’t getting resolved. I’ve submitted dozens of FPs to Avira, and they’re always fixed within hours. (Maybe because they have so much practice at it!)

Here is a link to the EXE in a ZIP archive.

I’ve been using this little command line utility for years, I’ve corresponded with the author, I know what it does, and I know it’s not malware.

2

It is not only avast! that don`t like this…

VirusTotal - msgbox.exe - 5/43
http://www.virustotal.com/file-scan/report.html?id=c80952923e60155feec59c88a81d9a2a8086ad384178dfd45c77849659aa3d48-1290378004

sample sendt avast!

3

Whilst avast and gdata detect this (counts as one) as it is the same signature detection win32:Malware-gen (generic detection), the other two detections are packer based and or heuristic which are more prone to error.

I have submitted the MsgBox.exe file for further analysis.

4

To iterate somewhat, those results simply show that Trend and Comodo both detect that MsgBox.exe uses a runtime packer. This means absolutely nothing.

5
I have submitted the MsgBox.exe file for further analysis.
i already did that David......see my post....well they should have enough samples now ;D
6

Hello,
false positive will be fixed in next VPS update.

Milos

7

Thanks for the prompt response Milos.

This is now corrected in virus definitions update 101122-0.