matlab 2008a file detected as trojan

Hello,

I just encountered issues with Avast! 4.8 home during the installation of Matlab R2008a (stand alone) on Windows 32 platform (Windows XP Tablet PC Edition). During installation, Avast detected a virus; no other tested virusscanner (eTrust, Antivir, …) reports this file, which makes me think it is a false alarm.

File name: c:\Program Files\MATLAB\R2008a\bin\win32\cpucount.exe
Malware name: Win32:Trojan-gen {other}
Malware type: Virus/Worm
VPS version: 080707-0.07/07/2008

The previous version of Matlab (R2007b) does not give this issue.

Best regards,

Jörg

PS: I posted in the wrong forum (home/pro support). Sorry for the double posting…

It could be a false positive detection.

You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Hello,

Virustotal shows 3 scanners that detect a virus in the file.
I’ll report it to Avast…

Thanks!

Jörg

No problem, glad I could help.

If you had copied the output as the malware names also help not to mention the scanner.

I would guess one of the others scanners to detect this would be GData and it would be the same malware name ?
This is because GData uses two scanning engines one of them is avast.

Other malware names could also be categorised Suspicious or Generic (like the avast -gen part of the malware name) and these are more prone to false positive detection.

So yes the sample should be sent to avast for analysis and correction as required.

Welcome to the forums.

Managed to send the file, but it was cumbersome…

The mail server at work scans all mails, and blocks the sending of a .exe file, even in a password protected zip file. So my first attempt yielded a “banned message from you”. :o
To circumvent it, I placed the zip file again in a zip file… :smiley:

Thanks again,

Jörg

In these cases, you can upload the file to the ftp server: ftp://ftp.avast.com/incoming