maconfsetup.exe

Hello,

My last boot-time Avast scan gave me the following detection message:

maconfigsetup.exe C:\Documents and Settings\myaccountname\Applications Data\Mozilla\Firefox
Profiles\7vp08ady.default\extensions{bb628310-0ab7-11db9cd8-0800200c9a66}

Win32:Trojan-gen{Other}

I have sent it to the chest. I may have also sent it inadvertently without any comment to ALWIL.

Is this a real Trojan?

Thanks in advance for your answer.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Many thanks for the info. Here follow the results:

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.11.1.0 | 2008.11.01 | - |
| AntiVir | 7.9.0.10 | 2008.10.31 | - |
| Authentium | 5.1.0.4 | 2008.11.01 | - |
| Avast | 4.8.1248.0 | 2008.11.01 | - |
| AVG | 8.0.0.161 | 2008.11.02 | - |
| BitDefender | 7.2 | 2008.11.02 | - |
| CAT-QuickHeal | 9.50 | 2008.11.01 | - |
| ClamAV | 0.94.1 | 2008.11.02 | - |
| DrWeb | 4.44.0.09170 | 2008.11.02 | BACKDOOR.Trojan |
| eSafe | 7.0.17.0 | 2008.10.30 | - |
| eTrust-Vet | 31.6.6185 | 2008.11.01 | - |
| Ewido | 4.0 | 2008.11.02 | - |
| F-Prot | 4.4.4.56 | 2008.11.01 | - |
| F-Secure | 8.0.14332.0 | 2008.11.02 | - |
| Fortinet | 3.117.0.0 | 2008.10.31 | - |
| GData | 19 | 2008.11.02 | - |
| Ikarus | T3.1.1.44.0 | 2008.11.02 | - |
| K7AntiVirus | 7.10.514 | 2008.11.01 | - |
| Kaspersky | 7.0.0.125 | 2008.11.02 | - |
| McAfee | 5421 | 2008.11.02 | - |
| Microsoft | 1.4005 | 2008.11.02 | - |
| Norman | 5.80.02 | 2008.10.31 | - |
| Panda | 9.0.0.4 | 2008.11.01 | - |
| PCTools | 4.4.2.0 | 2008.11.01 | - |
| Prevx1 | V2 | 2008.11.02 | - |
| Rising | 21.01.62.00 | 2008.11.02 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.11.02 | - |
| Sophos | 4.35.0 | 2008.11.02 | - |
| Sunbelt | 3.1.1767.2 | 2008.10.31 | - |
| Symantec | 10 | 2008.11.02 | - |
| TheHacker | 6.3.1.1.135 | 2008.10.31 | - |
| TrendMicro | 8.700.0.1004 | 2008.10.31 | - |
| VBA32 | 3.12.8.9 | 2008.11.02 | - |
| ViRobot | 2008.10.31.1446 | 2008.10.31 | - |
| VirusBuster | 4.5.11.0 | 2008.11.01 | - |

As the suspect file is recognized as such by only one AV, and as Avast does not say anything about it, I suppose most probably it was a FP. Do I need to send the file, however?

It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

However, it would appear to be an FP or highly likely as the avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So you do need to send the sample to avast and exclude the file from scans until corrected. See the link how to report and exclude in my first reply.

Thanks for the reply. I tried to e-mail the file to ALWIL directly from the chest, but it failed because the file is too large. And I cannot zip the file because I would have to pay for the WinZip product. However, by googling for Ma-config.com (where the suspect file looks to come from), as far as I can understand, it appears to me that the suspect file is coming as a Firefox extension which has been declared buggy by the author (causing a FP by Avast), and a new version of it is no longer detected by Avast as an infection. Anyway, I am not really interested in this extension, and most probably will not install the corrected version of it.
If, however, ALWIL would still wish to examine this file, please tell me how I can send it. Sorry, I recognize it looks stupid of me, but I do not really know how to do it.

No, you can use the freeware programs www.7-zip.org or www.izarc.org

Go to the avast Program Settings (right click on the avast icon), Chest section and increase the Max file size to send value to take account of the size of the file.

7zip as Tech mentions is a freeware archive (zip) program, it is what I use and it is relatively easy to use, including adding passwords to archives.

OK, thanks for the info, I did not notice that the e-mail file size limit could be increased. So I set it to 10 times the standard limit value. It seems to have worked well, hope you will receive it safely. I have put some info inside the mail so you can make the link.

Thanks to Tech for the link for the freeware archive program.

You’re welcome.
Hope they correct the false positive soon.

You’re welcome, makes life a little easier, no need to zip, password protect and send by your email program.