False Positive?

Receiving an alert on “Battlefield HitFixer 1.31.exe” [file downloaded from http://www.mediafire.com/?yigayixxgd0 ] Have had this file on my PC for quite a while (in excess of 6 months) and after a recent AVAST update it starts to be identified as a Win32:Trojan-gen {other}

The program is used to alter some settings in Battlefield 2 gameplay.

The online scan at http://virusscan.jotti.org/ gave the following results.

Scan taken on 13 Sep 2008 12:52:40 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Trojan.Rootkit.Agent.Ez
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.bdw
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found Trojan-Spy.Win32.Agent.bbg
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Virus total advises the following:

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - TrojanSpy.Agent.bcx
ClamAV - - Trojan.Spy-29218
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan-Spy.Win32.Agent.bbg
K7AntiVirus - - Trojan-Spy.Win32.Agent.bga
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - archive damaged
Norman - - -
Panda - - Suspicious file
PCTools - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - Trojan/Spy.Agent.bem
TrendMicro - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 2ddbd9948b67fc0536f483d94ec42431
SHA1: a7e0656d84c26920b5b6466a1cdd20433b87d744
SHA256: b79fabdc7674a7d96460fb9560932cd7367b951149e2c8969de2e8082964f1b8
SHA512: e5e05c55fd270b7ea22f7168412ef8e544516ea0a09697c554dbd5f95a74ffeea5aea3d37ff6329b0ca5b328c76daeb3ec3dfdd4f151a70d95070880c41f749d

Hi. I had a similar problem… Try to update Avast - the database and the program too… Hope that it would solve your problem.
Good luck!

@ Gryphen
I think because several of the detections are generic or heuristic it could well be an FP.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

If it is indeed a false positive and it seems so, if you accept the risk you could, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (right click the avast ’ a ’ icon)

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Okay I added it to the exclusions, I also changed the standard shield… and it still blocks it? (Fixed, only alerts when run directly off the desktop)

p.s Also sent the file as advised.

When you get an alert, copy the path to the file being detected, the alert window alows you to copy the full path, paste that into the standard shield exclusion.

Hello guys,

fixed in actual vps update. Thank you All for help.