Possible false positive for imagew.exe (ver 2.02)

Viruses and worms
1

I believe a recent virus database upgrade is finding a false positive in a file from TerabyteUnlimited. It is the Image for Windows executable (imagew.exe) This is the warning given.
Sign of “Win32:Kolabc [Wrm]” has been found in “C:\Program Files\TeraByte Unlimited\Image for Windows\V2\imagew.exe” file.
Is there a way to check this out before I list it as an exclusion? I can’t attach the file as it is over the 200 KB limit.

Thank you.

2

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Other possibility is JOTTI. VirusTotal and Jotti both have file size limits 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be carefull, you should ‘exclude’ that many files that let your system in danger.

3

I did try to send it to avast but the mail was reported as not being able to be delivered. I will try to send to Virus Total. Even though I added the file to the Exclusion list, the file continued to be reported as infected and would not run.

4

Here are the results from Virus Total:

Antivirus Version Last Update Result
AhnLab-V3 2008.1.19.10 2008.01.18 -
AntiVir 7.6.0.48 2008.01.20 -
Authentium 4.93.8 2008.01.20 -
Avast 4.7.1098.0 2008.01.20 Win32:Kolabc
AVG 7.5.0.516 2008.01.20 -
BitDefender 7.2 2008.01.20 -
CAT-QuickHeal 9.00 2008.01.19 -
ClamAV 0.91.2 2008.01.20 -
DrWeb 4.44.0.09170 2008.01.20 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5470 2008.01.18 -
Ewido 4.0 2008.01.20 -
FileAdvisor 1 2008.01.20 -
Fortinet 3.14.0.0 2008.01.20 -
F-Prot 4.4.2.54 2008.01.19 -
F-Secure 6.70.13260.0 2008.01.20 -
Ikarus T3.1.1.20 2008.01.20 -
Kaspersky 7.0.0.125 2008.01.20 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.20 -
NOD32v2 2808 2008.01.20 -
Norman 5.80.02 2008.01.20 -
Panda 9.0.0.4 2008.01.20 -
Prevx1 V2 2008.01.20 Heuristic: Suspicious File With Covert Attributes
Rising 20.27.62.00 2008.01.20 -
Sophos 4.24.0 2008.01.20 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.20 -
TheHacker 6.2.9.191 2008.01.19 -
VBA32 3.12.2.5 2008.01.19 -
VirusBuster 4.3.26:9 2008.01.20 -
Webwasher-Gateway 6.6.2 2008.01.20 -
Additional information
File size: 3152485 bytes
MD5: 9a5a33f674cc7b6b6cdbe7d091d97653
SHA1: ee459e3af8b2947af7d7ab19800f560a4f84343d
PEiD: -

5

Maybe you can open the avast! Chest, right click the file area and add the file there.
Then you can resend it to Alwil withing the Chest.

Check if you add the correct name and path.
Maybe you need to boot to this setting to work.

6

I sent again directly to Avast by zipping the file and passwording it. I think it went through this time. If it is a false positive, what will happen?