Hi all

Recently i am getting detection of the Win32:patched Trojan from an exe with the Ojosoft Total Video Converter install. This is specifically the convert.exe, anyone else getting this. If i quarenten this file i lose functionality and its not repairable.

Could this be a false positive?

I have contacted Ojosoft and searched here but found nothing so far

Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

reported via the report function in avast.

only 5% of Viriscan scanners see this as a trojan

VirSCAN.org Scanned Report :
Scanned time : 2011/02/27 14:41:03 (EST)
Scanner results: 5% Scanner(s) (2/37) found malware!
File Name : convert.exe
File Size : 84219 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : 5b8030a21e3779551520e6569a64d93e
SHA1 : 883b2ad38111b7c1345e13b55306d47016f238a5
Online report : http://virscan.org/report/6ad6cb656473edc33a05b5dc1907fe05.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110216210205 2011-02-16 1.05 -
AhnLab V3 2011.02.27.00 2011.02.27 2011-02-27 2.43 -
AntiVir 8.2.4.176 7.11.3.240 2011-02-25 0.47 -
Antiy 2.0.18 20110217.7833565 2011-02-17 0.03 -
Arcavir 2010 201102271155 2011-02-27 0.07 -
Authentium 5.1.1 201102262004 2011-02-26 1.63 -
AVAST! 4.7.4 110226-1 2011-02-26 0.02 Win32:Patched-VC [Trj]
AVG 8.5.850 271.1.1/3470 2011-02-27 0.33 -
BitDefender 7.90123.6708396 7.36436 2011-02-27 6.46 -
ClamAV 0.96.5 12782 2011-02-26 0.08 -
Comodo 4.0 7818 2011-02-26 1.16 -
CP Secure 1.3.0.5 2011.02.27 2011-02-27 0.08 -
Dr.Web 5.0.2.3300 2011.02.27 2011-02-27 10.94 -
F-Prot 4.4.4.56 20110226 2011-02-26 1.58 -
F-Secure 7.02.73807 2011.02.26.01 2011-02-26 0.20 -
Fortinet 4.2.254 12.938 2011-02-26 0.30 -
GData 21.1894/21.714 20110227 2011-02-27 8.78 Win32:Patched-VC [Trj] [Engine:B]
ViRobot 20110226 2011.02.26 2011-02-26 6.07 -
Ikarus T3.1.32.15.0 2011.02.26.77815 2011-02-26 4.92 -
JiangMin 13.0.900 2011.02.26 2011-02-26 1.94 -
Kaspersky 5.5.10 2011.02.26 2011-02-26 0.20 -
KingSoft 2009.2.5.15 2011.2.27.9 2011-02-27 2.96 -
McAfee 5400.1158 6269 2011-02-26 8.55 -
Microsoft 1.6603 2011.02.26 2011-02-26 5.02 -
NOD32 3.0.21 5907 2011-02-25 0.02 -
Norman 6.07.03 6.07.00 2011-02-25 12.03 -
Panda 9.05.01 2011.02.26 2011-02-26 4.70 -
Trend Micro 9.200-1012 7.860.11 2011-02-26 0.09 -
Quick Heal 11.00 2011.02.26 2011-02-26 2.02 -
Rising 20.0 23.46.05.03 2011-02-26 6.92 -
Sophos 3.16.1 4.62 2011-02-27 3.16 -
Sunbelt 3.9.2474.2 8530 2011-02-24 1.01 -
Symantec 1.3.0.24 20110226.003 2011-02-26 0.05 -
nProtect 20110226.01 3209203 2011-02-26 9.32 -
The Hacker 6.7.0.1 v00140 2011-02-26 0.48 -
VBA32 3.12.14.3 20110224.2113 2011-02-24 3.88 -
VirusBuster 5.2.0.28 13.6.223.2/45758852011-02-26 0.00 -

I received the same Avast warning when trying to run the OJOSoft video converter. Curiously, I have been running the app for months with no problems… until yesterday.

When I launched the app, Avast identified Convert.EXE as a Trojan and put it in the ‘chest’. Consequently, but nor surprisingly, the application no longer functions properly.

Before I came onto this forum, I uninstalled the OJOSoft converter and then reinstalled it from a saved install file. The very same Trojan warning came up as earlier reported by another forum member.

So, this tells me that whatever Avast is reading as a Trojan is contained in the OJOSoft install file from when I purchased their application back in November 2010.

Chris

@YourTallCoolOne

If the file is less then 20mb then upload to www.virustotal.com and test it with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here

I’m not optimistic…

The OJOSoft site has not been updated is appears since 2008 and their last news entry is from November 2007.

I sent them an email… Let’s see if there is anyone on the other side to respond.

Chris

@Pondus

I am working within Avast now and I can see from the Avast “File System Shield Scan Logs” that Convert.EXE has been moved to Chest. The Help tells me that I can right click on this log entry in order to send the file. This doesn’t work (cannot righjt click).

Any other way that I can find the file in question in order to upload as per your suggestion?

Thanks,
Chris

OjoSoft responded to me and are happy that this is not a trojan.

Avast updated something in the definitions to cause this false positive, as i also had it installed for months with no issues until the other day.

File is detected correctly. There is added section ‘.Silvana’ which contains part of import table. Such imported library has random name and random method name. In this case the library name is ‘GetChar2.dll’ and the method is ‘GetChar’. It seems to me like Win32:Induc few years later.

FWIW, I just purchased the OjoSoft product and am getting a similar notification from MalwareBytes. I think “TROJANDOWNLOADER” is the exact text.