Is this a DrWeb FP or genuine find?

Viruses and worms
1

Hi forum friends,

See the analysis: http://camas.comodo.com/cgi-bin/submit?file=1c0c8cb1bb454437f99c5182dcfa1a42a96ba88d28b9f90a60c1fd95bc11f19e
See where it resides: http://www.virustotal.com/url-scan/report.html?id=c9db1baf3d1daafc054827425b2cfb60-1320590837
See fyle analysis: http://www.virustotal.com/file-scan/report.html?id=1c0c8cb1bb454437f99c5182dcfa1a42a96ba88d28b9f90a60c1fd95bc11f19e-1320594442
Also Fortinet flags: Misc/NSISBinding
Also see: http://anubis.iseclab.org/?action=result&task_id=1b2f794becca18054d5635d1fd971d32e
OK just stubled on this: http://www.threatexpert.com/report.aspx?md5=79dbf104f931897af8dba9175df9adad
Infected is ___\System.dll …
Reported to virus AT avast dot com

polonus

2

Your request has been analyzed. This is not a false alarm.

Sincerely,
Virus Monitoring Service Ltd. “Doctor Web”

Original file name: Lead_Breaker_4139.exe
File size: 458462
MD5: b0b6d9ac247fecc027d73e54bd95f54f

http://www.virustotal.com/file-scan/report.html?id=925e62a26dea2c608f64ea8cd35fd5adf88948171821dcdc7cd3a0e37661141c-1320678495

Avast 6.0.1289.0 2011.11.07 Win32:Trojan-gen

3

Hi Dim@rik,

Avast has added this to detection now. That is why we do this,

polonus

4

Thanks guys…! :slight_smile: