FP found everytime Secunia PSI runs..

Viruses and worms
1

Hi malware fighters,

Occasionally avast alarms on the following file: C:\Documents and Settings\Polonus\My documents\Downloads\setup.exe (12,0 KB) (when clicked makes an MS-Dos program shortcut of 2,78 kb)
flagged by avast as Win 32 Trojan Gen {Other}, this happens when Secunia PSI (RC4) scans my computer. Is this a false positive, as I pressed no action, avast says the malware was stopped in it’s tracks. Are others aware of this, is this a false positive or what?

polonus

2

Setup.exe files seem to come in for an undue amount of generic detections lately, I think due to what some of them do.

Well you know the drill, test at virustotal and submit to avast if conformed an FP.

No Action won’t help as it just means take none of the listed actions in the alert window, but regardless avast won’t let a suspect file run no matter how quick or how many times you press No Action.

3

Well I downloaded PSISetup.exe RC4 and scanned the installation file and no detection.

PSISetup.exe
MD5:
94B00CC382BE9FB56D8DDE696D74F0F5

SHA1:
271F8273AF4D723E9E5005617DC9B1D30B4BA2F4

4

Hi DavidR,

At the mo it won’t trouble me. No other malware program flags this particular executable file, and at virustotal only those programs that share avast’s heuristics do, as I looked it up. Uploaded to virustotal said mine setup.exe was an empty archive file, and could not be handled. So not a big priority here, should I place it in the chest or leave it there as it seems harmless,

pol

5

Your version, at least the file name is different setup.exe as opposed to PSISetup.exe, is yours the same MD5

By empty, what was the file size reported at VT ?
If truly empty, 0 bytes then did avast alert when you tried to upload to VT ?
If so avast would effectively block your upload.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, report it to avast! and what to do to exclude them until the problem is corrected.

6

Hi DavidR,

Placed in the chest,

pol

7

I think the main thing is to send it to avast for analysis and correction if it is an FP.

8

Hi DavidR,

Delivered to avast from the chest, so they can evaluate it for what it is,

polonus

9

What do you think of the new submission system ?

It uploads the submission during the update process, after downloading the update (VPS/Program, Auto/Manual) components and before installing the downloaded components.