Probable False Positive

OBMM (Oblivion Mod Manager) is a very popular companion utility for the RPG game Oblivion.

Getting “obmm.zip/obmm_setup.exe infected - Win32:Trojan-gen {Other}”

The installable contents of obmm_setup.exe scan clean.

This program uses Inno Setup, and contains a custom script.

You can find the official obmm distribution here: http://timeslip.chorrol.com/current/obmm.zip

VirusTotal gets hits from only Avast and Prevx1. Prevx1 says: “Suspicious Self Modifying File”.

Only users of Avast are complaining of this issue.

Please provide further instructions if needed… thank you!

Most probably a false positive as you can see.
Please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please mention in the body of the message why you think it is a false positive and the password used. Thanks.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list. Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to the Advanced tab and click on the Add button… You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

Here is the permalink to the report: http://www.virustotal.com/analisis/30d58b7e556802fe832a274c6725c565

From the report, the prevx program log: http://info.prevx.com/aboutprogramtext.asp?PX5=14A6205AED4CA605D4651995BDF92A00EB4A3AA8


File obmm.zip received on 01.14.2008 21:56:12 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.1.15.10;2008.01.14;-
AntiVir;7.6.0.46;2008.01.14;-
Authentium;4.93.8;2008.01.13;-
Avast;4.7.1098.0;2008.01.14;Win32:Trojan-gen {Other}
AVG;7.5.0.516;2008.01.14;-
BitDefender;7.2;2008.01.14;-
CAT-QuickHeal;9.00;2008.01.14;-
ClamAV;0.91.2;2008.01.14;-
DrWeb;4.44.0.09170;2008.01.14;-
eSafe;7.0.15.0;2008.01.14;-
eTrust-Vet;31.3.5456;2008.01.14;-
Ewido;4.0;2008.01.14;-
FileAdvisor;1;2008.01.14;-
Fortinet;3.14.0.0;2008.01.14;-
F-Prot;4.4.2.54;2008.01.14;-
F-Secure;6.70.13030.0;2008.01.14;-
Ikarus;T3.1.1.20;2008.01.14;-
Kaspersky;7.0.0.125;2008.01.14;-
McAfee;5206;2008.01.14;-
Microsoft;1.3109;2008.01.14;-
NOD32v2;2790;2008.01.14;-
Norman;5.80.02;2008.01.14;-
Panda;9.0.0.4;2008.01.14;-
Prevx1;V2;2008.01.14;Heuristic: Suspicious Self Modifying File
Rising;20.27.02.00;2008.01.14;-
Sophos;4.24.0;2008.01.14;-
Sunbelt;2.2.907.0;2008.01.12;-
Symantec;10;2008.01.14;-
TheHacker;6.2.9.187;2008.01.13;-
VBA32;3.12.2.5;2008.01.13;-
VirusBuster;4.3.26:9;2008.01.14;-
Webwasher-Gateway;6.6.2;2008.01.14;-

Additional information
File size: 1668550 bytes
MD5: a85a3f6bf99d59c013cf6f35f4e07992
SHA1: e9c25750b9fdb1414e92adba9e451c487ced57ac
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=14A6205AED4CA605D4651995BDF92A00EB4A3AA8

No doubt it is a false positive. Hope they correct it soon :wink:

Thanks Tech!

Message sent to virus@avast.com with detail.

Regards,
Niaht

lol… I spoke too soon… my two usual email providers are denying password protected zip files (created on Mac, PC, or Linux, doesn’t matter) ::slight_smile:

A simple renaming of the file… for instance… using .rzip instead of zip… or just removing the file extension entirely worked for me…

Add the file to Chest and send it to Alwil from there :wink:

Thanks… I think my little renaming trick worked… bonk

This issue has been resolved!

A big thank you to Alwil staff for their fantastic dedication and communication. Kudos!

Tech, if you are not Alwil staff, thank you too! Keep up the good work!

Regards,
Niaht

No, I’m not from Alwil staff. I’m a common user.

Then all the more… Huge! Thank you! ;D

over-and-out…