How can I check if this is a false alarm??

Greetings,

Used version:
avast! Version 4.8 Home Edition
VPS Version: 080628-0, 28.06.2008

“Win32:Trojan-gen {Other}”
found in the freeware tool located here:
http://subliminalblaster.com/sbsetup20.exe

I downloaded it about half a year ago and scanned it with avast then, as I do every time after downloading.
No virus/trojan was found. So I installed it.
Today I went through my setup files again and the on-access scanner of avast found the mentioned trojan in the same file. So I checked the source website again. When I download the file again from there, the on-access scanner also raises the alert. Scanning the installed files finds nothing (which is not saying much, of course).

Could you check whether the file available at the link above is really infected?
It would help a lot in deciding whether I have to set up my system again, which will take about three full days.

Kind regards,
Bodo Henkel

Just a couple of generic detections and one ‘suspicious’, except for the adware detection at VirusTotal.

Any sign of adware after running the program?

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.6.27.1 | 2008.06.27 | - |
| AntiVir | 7.8.0.59 | 2008.06.28 | - |
| Authentium | 5.1.0.4 | 2008.06.27 | - |
| Avast | 4.8.1195.0 | 2008.06.28 | Win32:Trojan-gen {Other} |
| AVG | 7.5.0.516 | 2008.06.28 | - |
| BitDefender | 7.2 | 2008.06.28 | - |
| CAT-QuickHeal | 9.50 | 2008.06.28 | AdWare.Thespacezone.b (Not a Virus) |
| ClamAV | 0.93.1 | 2008.06.28 | - |
| DrWeb | 4.44.0.09170 | 2008.06.28 | - |
| eSafe | 7.0.17.0 | 2008.06.26 | Suspicious File |
| eTrust-Vet | 31.6.5911 | 2008.06.27 | - |
| Ewido | 4.0 | 2008.06.27 | - |
| F-Prot | 4.4.4.56 | 2008.06.27 | - |
| F-Secure | 7.60.13501.0 | 2008.06.26 | - |
| Fortinet | 3.14.0.0 | 2008.06.28 | - |
| GData | 2.0.7306.1023 | 2008.06.28 | Win32:Trojan-gen |
| Ikarus | T3.1.1.26.0 | 2008.06.28 | - |
| Kaspersky | 7.0.0.125 | 2008.06.28 | - |
| McAfee | 5327 | 2008.06.27 | - |
| Microsoft | 1.3704 | 2008.06.28 | - |
| NOD32v2 | 3224 | 2008.06.27 | - |
| Norman | 5.80.02 | 2008.06.27 | - |
| Panda | 9.0.0.4 | 2008.06.28 | Suspicious file |
| Prevx1 | V2 | 2008.06.28 | Worm |
| Rising | 20.50.52.00 | 2008.06.28 | - |
| Sophos | 4.30.0 | 2008.06.28 | - |
| Sunbelt | 3.0.1176.1 | 2008.06.26 | - |
| Symantec | 10 | 2008.06.28 | - |
| TheHacker | 6.2.96.362 | 2008.06.27 | - |
| TrendMicro | 8.700.0.1004 | 2008.06.27 | - |
| VBA32 | 3.12.6.8 | 2008.06.28 | - |
| VirusBuster | 4.5.11.0 | 2008.06.23 | - |
| Webwasher-Gateway | 6.6.2 | 2008.06.28 | - |
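
Added example, not part of the original posts: a small Python triage of multi-scanner output in the "engine, version, date, result" row layout shown above, separating generic, heuristic and adware verdicts and flagging identical names and old definitions. The sample rows are a subset copied from the results above; the keyword buckets and the `stale_before` cutoff are assumptions made for illustration.

```python
import re
from collections import Counter

# Subset of rows copied from the scanner results in this thread; "-" = no detection.
SAMPLE = """\
Avast 4.8.1195.0 2008.06.28 Win32:Trojan-gen {Other}
BitDefender 7.2 2008.06.28 -
CAT-QuickHeal 9.50 2008.06.28 AdWare.Thespacezone.b (Not a Virus)
eSafe 7.0.17.0 2008.06.26 Suspicious File
GData 2.0.7306.1023 2008.06.28 Win32:Trojan-gen
Kaspersky 7.0.0.125 2008.06.28 -
Prevx1 V2 2008.06.28 Worm
VirusBuster 4.5.11.0 2008.06.23 -
"""

# engine, version (may contain spaces), definition date, verdict
ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumed keyword buckets: vendor naming schemes differ, so these are heuristics.
BUCKETS = [
    ("generic", ("-gen", "generic")),
    ("heuristic", ("suspicious", "heur")),
    ("adware/pua", ("adware", "not a virus")),
]

def classify(verdict):
    low = verdict.lower()
    for bucket, keys in BUCKETS:
        if any(k in low for k in keys):
            return bucket
    return "named"  # any other vendor label

def triage(text, stale_before):
    rows = [ROW.match(l.strip()).groups() for l in text.splitlines() if l.strip()]
    hits = [(eng, res) for eng, _, _, res in rows if res != "-"]
    names = Counter(res.split()[0] for _, res in hits)
    return {
        "engines": len(rows),
        "detections": len(hits),
        "buckets": Counter(classify(res) for _, res in hits),
        # The same name from two products may be one signature counted twice.
        "shared_names": [n for n, c in names.items() if c > 1],
        # YYYY.MM.DD strings sort chronologically, so plain comparison works.
        "stale": [eng for eng, _, upd, _ in rows if upd < stale_before],
    }

if __name__ == "__main__":
    print(triage(SAMPLE, stale_before="2008.06.27"))
```

A result dominated by generic and heuristic buckets, with the same name repeated across products, is the pattern the reply above describes; it supports submitting the file to the vendor as a possible false positive rather than proving the file is clean.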

Hi Henkel,

Could well be a false positive; if so, it will probably be patched with a new Avast update. This was what the Avast Link Checker plug-in found:
Anti-virus engine version: 4.44.0.9170
File size: 657.1K

sbsetup20.exe packed by UPX

sbsetup20.exe packed by ZLIB

sbsetup20.exe - archive BINARYRES

sbsetup20.exe/data001 - OK
sbsetup20.exe/data002 - OK
sbsetup20.exe/data003 - OK
sbsetup20.exe/data004 - OK
sbsetup20.exe/data005 - OK
sbsetup20.exe/data006 - OK
sbsetup20.exe/data007 - OK
sbsetup20.exe/data008 - OK
sbsetup20.exe/data009 - OK
sbsetup20.exe/data010 - OK
sbsetup20.exe/data011 - OK
sbsetup20.exe/data012 - OK
sbsetup20.exe/data013 - OK
sbsetup20.exe/data014 - OK
sbsetup20.exe/data015 - OK
sbsetup20.exe/data016 - OK
sbsetup20.exe/data017 - OK
sbsetup20.exe/data018 - OK
sbsetup20.exe/data019 - OK
sbsetup20.exe/data020 - OK
sbsetup20.exe/data021 - OK
sbsetup20.exe/data022 - OK
sbsetup20.exe/data023 - OK
sbsetup20.exe/data024 - OK
sbsetup20.exe/data025 - archive CHM

sbsetup20.exe/data025/#IDXHDR - OK
sbsetup20.exe/data025/#ITBITS - OK
sbsetup20.exe/data025/#STRINGS - OK
sbsetup20.exe/data025/#SYSTEM - OK
sbsetup20.exe/data025/#TOPICS - OK
sbsetup20.exe/data025/#URLSTR - OK
sbsetup20.exe/data025/#URLTBL - OK
sbsetup20.exe/data025/#WINDOWS - OK
sbsetup20.exe/data025/$FIftiMain - OK
sbsetup20.exe/data025/$OBJINST - OK
sbsetup20.exe/data025/$WWAssociativeLinks/Property - OK
sbsetup20.exe/data025/$WWKeywordLinks/Property - OK
sbsetup20.exe/data025/advanced.htm - OK
sbsetup20.exe/data025/Introduction.htm - OK
sbsetup20.exe/data025/Quick Start.htm - OK
sbsetup20.exe/data025/SB help.hhc - OK
sbsetup20.exe/data025/Tips.htm - OK
sbsetup20.exe/data025 - OK
sbsetup20.exe - OK

So clean, I bet it is a FP,

polonus

:smiley:
Thank you both very much for the fast and very informative answers! You really helped me a lot.

@FreewheelinFrank:
I have noticed no suspicious behavior and no adware since installing and running the software.

Thank you and kind regards,
Bodo Henkel