Only DrWeb detects as Trojan.Proxy.25641?

See: https://www.virustotal.com/en/url/6b29e8e3be7b66b198a4a90bf1d0b0a096d3f51b9a4177bae9085a6a2ef05504/analysis/1377800216/
and
https://www.virustotal.com/en/file/fd9269719573a61bf5110097ff7ac3b15e422a669a573b4b73d50c1203f3295d/analysis/1377606264/
Heur.Suspicious or FP?
See: http://support.clean-mx.de/clean-mx/viruses.php?domain=biosagentplus.com&sort=id%20desc

polonus

hello

Generally, when there’s just one detection, it’s a FP

Hi g3n-h@ckm@n,

Probably you are right. I think it is a wrong packer identification: http://urlquery.net/report.php?id=2014360
i.e. Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected which DrWeb may flag here…
see: http://f.virscan.org/biosagentplus_36.exe.html
see: http://systemexplorer.net/file-database/file/biosagentplus_36-exe

pol

Antiviruses detect a little bit of anything

Look at that!! I sent my tool Pre_scan renamed winlogon

http://r.virscan.org/report/7b7930676a3f04fa452d35711b8bfc4a.html

but what comes from esupport.com is obsolete

Here’s usbfix (version Pro integrated (not in line, it’s a beta version))

https://www.virustotal.com/en/file/d79e98f0e2189db2ee74e939e36d72dc3d61822c2115020bc297f92b2f02bbf0/analysis/1377813745/

I say a FP from Dr.Web

First submission 2013-07-12 16:12:45 UTC ( 1 month, 2 weeks ago )

UPX packages are often detected as infections by antiviruses :)

Sent both files to the virus laboratory with a note about false positives; I think it will be corrected in the near future.

The reply came:

Your request has been analyzed. This operation is false. The error was corrected. (Virus Monitoring Service Doctor Web Ltd.)

Original file name: UsbFix.exe
File size: 1144645
MD5: 5d2328d28ed0861ba66c9ab4e8f35582

Original file name: biosagentplus_1218.exe
File size: 633360
MD5: 9a723001055ac806b73d97f2e2092a88

Hi Dimitrij,

Good you sorted that one out with the folks from St. Petersburg. Mutual FP reports and non-detect reports help.

I think at the root of the false detection was the too strict snort/emerging threats IDS rule, see:
http://urlquery.net/report.php?id=1902578 alerting ET POLICY PE EXE or DLL Windows file download & FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected -
For an explanation see: http://www.snort.org/search/sid/16435, which describes it as “a packer that is commonly used by malware authors
and may indicate a possible malware transfer to the target host”.

Also see: http://urlquery.net/report.php?id=4832442 (snort speaks of “no false negatives” for sid/16435!)
Here we see the discrepancy between IDS alerts and actual av detection: https://www.virustotal.com/nl/file/fd2949d5c96554421104baecc0662effd54cacf4254c6030f46056cfea1c11ea/analysis/
In this case the av detection is correct and the IDS alert needs more precision…

Damian