Motorola Phone Tools file comes up as virus

I am getting notification that there is a virus in a file, but when I try to delete, move, rename or move to chest, I get a "Cannot process “…filenam” file error. Here is the supposed file path:
C:\Program Files (x86)\Motorola Phone Tools\MPT_TEST_Info.exe>AUTOIT UNICODE SCRIPT<

Malware Name: VBS Malware-gen
Malware Type: Virus/Worm
VPS Version: 100715-0, 07/15/2010

Is there really a problem or is this a misdetection?

Thanks, Jim in Oregon

Upload the exe to http://www.virustotal.com to see if it’s a false positive or otherwise.

If it’s a false positive, you can send it to avast to update their detections.

Prevx - MPT_TEST_INFO.EXE
http://www.prevx.com/filenames/X2629454178384384633-X1/MPT_TEST_INFO.EXE.html

Motorola Phone Tool contains Shorty.Gopher adware? ( this is from 2007 )
http://cellphoneforums.net/alt-cellular-motorola/t250819-motorola-phone-tool-contains-shorty-gopher-adware.html

And here it is detected by MBAM
c:\program files\motorola phone tools\MPT_TEST_Info.exe (Trojan.Downloader) → Quarantined and deleted successfully.
e:\programfiles\motorola\Addons\MPT_TEST_Info.exe (Trojan.Downloader) → Quarantined and deleted successfully.
http://www.bleepingcomputer.com/forums/topic244388.html

I don’t really see why they give it a “malicious software” tag, when all it does is:

MPT_TEST_INFO.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
MPT_TEST_INFO.EXE has been the subject of the following behavior:

Created as a process on disk
Deleted as a process from disk

So, it’s packed, and created and deleted. Am I missing something here?

So, what is it I should do? Send it in as a false positive? I ran Mbam and it found nothing. Nor does Superantispyware.

Is this a false positive?

Thanks, Jim ???

Did you upload the file to VirusTotal?

Here are the results. Is it just Avast then? NOT a virus? I renamed it to “.OLD” and don’t get hits on Avast now.

File MPT_TEST_Info.exe received on 2010.07.15 04:54:38 (UTC)
Current status: finished
Result: 3/42 (7.14%)
|Antivirus|Version|Last Update|Result|
|a-squared|5.0.0.31|2010.07.15|-|
|AhnLab-V3|2010.07.15.00|2010.07.14|-|
|AntiVir|8.2.4.10|2010.07.14|-|
|Antiy-AVL|2.0.3.7|2010.07.14|-|
|Authentium|5.2.0.5|2010.07.15|-|
|Avast|4.8.1351.0|2010.07.14|VBS:Malware-gen|
|Avast5|5.0.332.0|2010.07.15|VBS:Malware-gen|
|AVG|9.0.0.836|2010.07.15|-|
|BitDefender|7.2|2010.07.15|-|
|CAT-QuickHeal|11.00|2010.07.15|-|
|ClamAV|0.96.0.3-git|2010.07.15|-|
|Comodo|5432|2010.07.15|-|
|DrWeb|5.0.2.03300|2010.07.15|-|
|eSafe|7.0.17.0|2010.07.14|-|
|eTrust-Vet|36.1.7708|2010.07.15|-|
|F-Prot|4.6.1.107|2010.07.15|-|
|F-Secure|9.0.15370.0|2010.07.15|-|
|Fortinet|4.1.143.0|2010.07.14|-|
|GData|21|2010.07.15|-|
|Ikarus|T3.1.1.84.0|2010.07.15|-|
|Jiangmin|13.0.900|2010.07.14|-|
|Kaspersky|7.0.0.125|2010.07.15|-|
|McAfee|5.400.0.1158|2010.07.15|-|
|McAfee-GW-Edition|2010.1|2010.07.14|Heuristic.BehavesLike.Win32.PasswordStealer.H|
|Microsoft|1.5902|2010.07.15|-|
|NOD32|5279|2010.07.15|-|
|Norman|6.05.11|2010.07.14|-|
|nProtect|2010-07-14.01|2010.07.14|-|
|Panda|10.0.2.7|2010.07.14|-|
|PCTools|7.0.3.5|2010.07.15|-|
|Prevx|3.0|2010.07.15|-|
|Rising|22.56.03.01|2010.07.15|-|
|Sophos|4.55.0|2010.07.15|-|
|Sunbelt|6585|2010.07.15|-|
|SUPERAntiSpyware|4.40.0.1006|2010.07.15|-|
|Symantec|20101.1.1.7|2010.07.15|-|
|TheHacker|6.5.2.1.316|2010.07.15|-|
|TrendMicro|9.120.0.1004|2010.07.15|-|
|TrendMicro-HouseCall|9.120.0.1004|2010.07.15|-|
|VBA32|3.12.12.6|2010.07.14|-|
|ViRobot|2010.7.12.3932|2010.07.14|-|
|VirusBuster|5.0.27.0|2010.07.14|-|

This was also detected as a password-stealing worm by IOBit, and McAfee also flags it as a heuristic find; your renaming circumvented that. I would not give it a clean bill at once, as I do not know whether it is a high or rather low riskware tool.

|Name|Type|Description|
|Tracking Cookies|Cookies|Cookie:compaq_owner@ad.yieldmanager.com/|
|Trojan.Downloader|File|C:\Program Files\Motorola Phone Tools\MPT_TEST_Info.exe|

polonus

Well, changing the file name shouldn’t make any difference: if that file is scanned then it would be detected, as essentially the file is identical as far as MD5 is concerned. So it may be possible that changing the .exe file type to .old means that it doesn’t get scanned at all.

That however, depends on the scan you are doing and the settings that you have.

Either that or avast has analysed this file and changed the detection signature in a VPS update.

If you submit the file to Avira you will get an analysis result in the mail in about 24 - 48 hours
http://analysis.avira.com/samples/index.php

Or submit to Anubis on-line scan that returns pretty good analysis in seconds, http://anubis.iseclab.org/?action=home or http://camas.comodo.com/cgi-bin/submit.
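
The renaming point made above can be checked directly. The following is an added example, not code from anyone in this thread: it writes a constructed stand-in file (not the real MPT_TEST_Info.exe), renames it from .exe to .OLD, and compares the content digests with what a hypothetical extension-based scan filter would select. The `SCANNED_EXTENSIONS` list and the `MZ` header check are assumptions for illustration, not avast's actual settings.

```python
import hashlib
import os
import tempfile

# Hypothetical list of file types a scanner is configured to inspect (assumption).
SCANNED_EXTENSIONS = {".exe", ".dll", ".scr", ".vbs"}

def file_digests(path):
    """Return (md5, sha256) hex digests of the file content, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def selected_by_extension(path):
    """True if a filter that looks only at the file name would scan this file."""
    return os.path.splitext(path)[1].lower() in SCANNED_EXTENSIONS

def looks_like_pe(path):
    """Content-based check: Windows executables start with the 'MZ' magic bytes."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def describe(path):
    return {"digests": file_digests(path),
            "by_ext": selected_by_extension(path),
            "by_content": looks_like_pe(path)}

def rename_experiment(workdir):
    """Create a constructed sample, rename .exe -> .OLD, report before and after."""
    original = os.path.join(workdir, "MPT_TEST_Info.exe")
    with open(original, "wb") as fh:
        fh.write(b"MZ" + b"constructed sample bytes, not the real file " * 8)
    before = describe(original)
    renamed = os.path.join(workdir, "MPT_TEST_Info.OLD")
    os.rename(original, renamed)
    return before, describe(renamed)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        before, after = rename_experiment(tmp)
    print("digests unchanged by rename:", before["digests"] == after["digests"])
    print("selected by extension filter:", before["by_ext"], "->", after["by_ext"])
    print("recognised by content check: ", before["by_content"], "->", after["by_content"])
```

Identical digests with a changed extension-filter result mean the file is the same and only the scan selection changed, so the absence of further alerts after the rename says nothing about whether the file is clean.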