False Positive Win32:Trojan-gen {other}

I keep getting Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\EMS\SQL Studio for PostgreSQL\Data Import\PgImport.exe”.

This is commercial software that runs fine when AVG standard shield is paused. Other A/V scanners show this file as clean.

Avast 4.8 Home edition. Build 4.8.1229, VPS 080727-0

Just did an online scan. Most A/V report nothing. I use this program quite a bit and can assure you it is not infected.

Complete scanning result of “PgImport.exe”, processed in VirusTotal at 07/28/2008 15:05:04 (CET).

[ file data ]

  • name…: PgImport.exe
  • size…: 2519040
  • md5…: 04c931ac293cbf3e190b2719b0ebfa9f
  • sha1…: 71b4439afca8c18df153240a702222e97b1a1af8
  • peid…: ASProtect v1.23 RC1

[ scan result ]
AhnLab-V3 2008.7.26.0/20080728 found [Win-Trojan/Hupigon.2519040]
AntiVir 7.8.1.12/20080728 found nothing
Authentium 5.1.0.4/20080728 found [W32/Heuristic-210!Eldorado]
Avast 4.8.1195.0/20080728 found [Win32:Trojan-gen {Other}]
AVG 8.0.0.130/20080728 found nothing
BitDefender 7.2/20080728 found nothing
CAT-QuickHeal 9.50/20080725 found nothing
ClamAV 0.93.1/20080728 found nothing
DrWeb 4.44.0.09170/20080728 found nothing
eSafe 7.0.17.0/20080727 found [Win32.Hupigon.bwl]
eTrust-Vet 31.6.5983/20080726 found nothing
Ewido 4.0/20080728 found nothing
F-Prot 4.4.4.56/20080728 found [W32/Heuristic-210!Eldorado]
F-Secure 7.60.13501.0/20080728 found nothing
Fortinet 3.14.0.0/20080726 found [W32/Hupigon.BWL!tr.bdr]
GData 2.0.7306.1023/20080728 found [Win32:Trojan-gen ]
Ikarus T3.1.1.34.0/20080728 found [Backdoor.Win32.Hupigon.bwl]
Kaspersky 7.0.0.125/20080728 found nothing
McAfee 5347/20080725 found nothing
Microsoft 1.3704/20080728 found nothing
NOD32v2 3302/20080728 found nothing
Norman 5.80.02/20080728 found [W32/Hupigon.BHJS]
Panda 9.0.0.4/20080728 found [Bck/Hupigon.AZG]
PCTools 4.4.2.0/20080728 found nothing
Prevx1 V2/20080728 found nothing
Rising 20.55.02.00/20080728 found nothing
Sophos 4.31.0/20080728 found nothing
Sunbelt 3.1.1536.1/20080725 found [VIPRE.Suspicious]
Symantec 10/20080728 found [Backdoor.Graybird]
TheHacker 6.2.96.389/20080725 found [Backdoor/Hupigon.bwl]
TrendMicro 8.700.0.1004/20080728 found nothing
VBA32 3.12.8.1/20080728 found [Backdoor.Win32.Hupigon.bwl]
ViRobot 2008.7.26.1311/20080728 found nothing
VirusBuster 4.5.11.0/20080727 found nothing
Webwasher-Gateway 6.6.2/20080728 found [Win32.Malware.gen (suspicious)]

[ notes ]
packers (Authentium): PE_Patch, Aspack, Aspack
packers (F-Prot): PE_Patch, Aspack
packers (Kaspersky): PE_Patch


Welcome to the forums, hawkeye22.

This may well depend on where and how you got your copy of the program. A Google search for PgImport.exe produced only 2 pages of results with 5 results to bad sites offering cracked versions of the program.

http://g.s.scandoo.com/search?hl=en&meta=on&q=PgImport.exe


It’s a licensed copy that I purchased from EMS Database Management Solutions.

http://sqlmanager.net/products/studio/postgresql

I did send a passworded zip file to virus@avast.com


That’s cool … glad you have a legal copy of the program.

Hopefully, the avast team will tend to this soon.


Just a quick follow up from the people at EMS.

Dear Anthony,
Your Support Ticket 15873 has been closed.

You can re-open this Support Ticket if you feel the issue is still not
satisfied. A copy of our Support Team response appears below.

Response:

Dear Anthony,

Thank you for contacting us.

If you have downloaded Data Import for MySQL from our website
http://www.sqlmanager.net then you should not be worried that program
files are infected by any scumware. We guarantee that the files which
are stored on our servers are not infected and secure.

We will contact the Avast antivirus developers in order for them to check their
antiviral databases and make appropriate changes to them.

If you have any additional questions please do not hesitate to contact
us in future.

Kind regards,
Nadezhda Merlinova

For positive action to take place avast has to analyse a sample of the file.

If you haven’t already done so, you should send the sample to virus@avast.com, zipped and password protected, with the password in the email body. A link to this topic might help, and put “false positive/undetected malware” in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.