sgdfsii.exe (possible false positive)

Avast caught sgdfsii.exe while doing a thorough scan; however, when uploaded to VirusTotal, the results indicate a likely false positive.

File sgdfsii.exe received on 10.23.2008 08:11:29 (CET)
Current status: finished
Result: 4/36 (11.11%)
Antivirus          Version  Last Update  Result
AhnLab-V3          -        -            -
AntiVir            -        -            TR/Dropper.Gen
Authentium         -        -            -
Avast              -        -            -
AVG                -        -            -
BitDefender        -        -            -
CAT-QuickHeal      -        -            -
ClamAV             -        -            -
DrWeb              -        -            -
eSafe              -        -            -
eTrust-Vet         -        -            -
Ewido              -        -            -
F-Prot             -        -            -
F-Secure           -        -            Suspicious:W32/Fontra.c!Gemini
Fortinet           -        -            -
GData              -        -            -
Ikarus             -        -            Trojan-Dropper.Vb.1
K7AntiVirus        -        -            -
Kaspersky          -        -            -
McAfee             -        -            -
Microsoft          -        -            -
NOD32              -        -            -
Norman             -        -            -
Panda              -        -            -
PCTools            -        -            -
Prevx1             -        -            -
Rising             -        -            -
SecureWeb-Gateway  -        -            Trojan.Dropper.Gen
Sophos             -        -            -
Sunbelt            -        -            -
Symantec           -        -            -
TheHacker          -        -            -
TrendMicro         -        -            -
VBA32              -        -            -
ViRobot            -        -            -
VirusBuster        -        -            -
Additional information
MD5: c0ed12064b1d5d77b6f1039cbf4d1982
SHA1: ca4d39b851037fa5e963901a85cabed10e67c981
SHA256: ebccd837b3c31e675acd59b509a21f5f9142539eec7690a53b1e1ed34d14df86
SHA512: 1429c79a439992c02b5f8b3a87410e73d99249b40705df20c79b03bdc80aee6ae187118df2f9f3d35cbe3baaf3939bc818aa5695aea27a2a6c95ec17796a4d16
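The report pasted above is a flat text dump. The script below is an added example, not part of the original post and not VirusTotal's own tooling: it parses that dump, checks the per-engine rows against the claimed 4/36 ratio, counts how many of the detecting engines agree on a "dropper" family label, and compares a local file's hashes with the ones the report lists. VT_REPORT is copied from the report above; the local sample bytes are a constructed stand-in (the real sgdfsii.exe is not available here), so the hash comparison comes back False.

```python
"""Parse a VirusTotal text report (the one pasted in this thread) and
compare a local file's hashes against the hashes it lists.
Added example, not part of the original post."""
import hashlib
import re

# Copy of the report as pasted above, trimmed to the lines that carry data.
VT_REPORT = """\
Result: 4/36 (11.11%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Dropper.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/Fontra.c!Gemini
Fortinet - - -
GData - - -
Ikarus - - Trojan-Dropper.Vb.1
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Trojan.Dropper.Gen
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: c0ed12064b1d5d77b6f1039cbf4d1982
SHA1: ca4d39b851037fa5e963901a85cabed10e67c981
SHA256: ebccd837b3c31e675acd59b509a21f5f9142539eec7690a53b1e1ed34d14df86
"""


def parse_vt_report(text: str) -> dict:
    """Return the claimed ratio, per-engine detections and listed hashes."""
    report = {"claimed": None, "engines": 0, "detections": {}, "hashes": {}}
    in_table = False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := re.match(r"Result:\s*(\d+)/(\d+)", line)):
            report["claimed"] = (int(m.group(1)), int(m.group(2)))
        elif line.startswith("Antivirus "):
            in_table = True
        elif line == "Additional information":
            in_table = False
        elif (m := re.match(r"(MD5|SHA1|SHA256|SHA512):\s*([0-9a-fA-F]+)$", line)):
            report["hashes"][m.group(1).lower()] = m.group(2).lower()
        elif in_table:
            parts = line.split()
            if len(parts) == 4:          # engine, version, last update, result
                engine, _version, _updated, result = parts
                report["engines"] += 1
                if result != "-":
                    report["detections"][engine] = result
    return report


def family_consensus(report: dict, keyword: str = "dropper") -> int:
    """How many detecting engines agree on a family keyword."""
    return sum(keyword in label.lower() for label in report["detections"].values())


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, report: dict) -> bool:
    """True only if every hash the report lists matches the local file."""
    local = file_hashes(data)
    listed = report["hashes"]
    return bool(listed) and all(local[algo] == digest for algo, digest in listed.items())


if __name__ == "__main__":
    rep = parse_vt_report(VT_REPORT)
    print(rep["claimed"], len(rep["detections"]), "of", rep["engines"], rep["detections"])
    print("dropper consensus:", family_consensus(rep))
    # Constructed stand-in bytes; the real sgdfsii.exe is not available here.
    print("local file matches report hashes:", matches_report(b"constructed sample", rep))
```

Three of the four detecting engines label the file as a dropper, which is a stronger signal than the raw 4/36 ratio suggests; the hash comparison is the first thing to do before trusting any report, since a different file with the same name tells you nothing.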

Is there any way to send the file to the avast team to confirm?

You can send the file to virus@avast.com.
But your avast installation is more up to date than the VirusTotal one.
Maybe it's not a false positive; perhaps the signature was added recently.

Why do you think it is an FP? If it's just because avast doesn't detect it on VT, think again.

It isn't unusual for avast not to detect something on VirusTotal when it does so on your system. VT isn't able to update the VPS in real time the way a user is, and this is often the cause. Remember, the point of submitting it to VT is to see what the other scanners find.

What was the malware name and location of the infected file detected on your system?

Trojan:gen (other)

and location of the infected file

Win32:Trojan:gen (other)
c:\windows\system32

I personally think the detection was good, based on the file location in the system32 folder, as a Google search on the file name returned only 3 hits, two of them in the avast forums (and the other the VirusTotal detections). For a file to be legit and in the system32 folder I would expect many hits on a Google search pointing me at the origin/program associated with the file.

The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so it is trying to catch multiple variants of the same type of malware. So it isn't detected as a specific trojan.
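The triage argument above (an unfamiliar name sitting in System32, only a generic detection) can be made mechanical. The script below is an added example in Python, not the poster's method and not Avast's code: it hashes the file, parses the PE headers for the compile timestamp and the Authenticode certificate table, and flags a System32 file whose name is not on an allowlist. The allowlist, the paths and the image built by build_sample_pe are constructed for the demo. Two caveats a practitioner should keep in mind: most genuine Windows system binaries are catalog-signed and carry no embedded certificate table, so that flag alone proves nothing, and the presence of a table says nothing about whether the signature is valid; verify on the machine with signtool or Get-AuthenticodeSignature.

```python
"""Static triage of a suspect executable found under System32.
Added example, not code from the thread or from Avast."""
import datetime
import hashlib
import struct

# Constructed, deliberately tiny allowlist; real triage compares against
# the OS manifest or the hashes of a clean install, not a hand list.
KNOWN_SYSTEM32 = {"kernel32.dll", "ntdll.dll", "svchost.exe", "explorer.exe"}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Authenticode table


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional headers; raise ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4
        machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
        opt = coff + 20                               # COFF header is 20 bytes
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:                            # PE32
            ndirs_off, dirs_off = opt + 92, opt + 96
        elif magic == 0x20B:                          # PE32+
            ndirs_off, dirs_off = opt + 108, opt + 112
        else:
            raise ValueError("unknown optional header magic %#x" % magic)
        ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
        cert_rva = cert_size = 0
        if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
            cert_rva, cert_size = struct.unpack_from(
                "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    except struct.error:
        raise ValueError("truncated PE headers") from None
    return {
        "machine": machine,
        "sections": nsections,
        "compiled": datetime.datetime.fromtimestamp(
            timestamp, datetime.timezone.utc).isoformat(),
        # Presence only: a table may hold an invalid or revoked signature.
        "has_certificate_table": cert_size > 0,
    }


def triage(path: str, data: bytes) -> dict:
    """Combine location, name familiarity and header facts into flags."""
    norm = path.replace("\\", "/").lower()
    name = norm.rsplit("/", 1)[-1]
    findings = {"name": name, "sha256": hashlib.sha256(data).hexdigest(), "flags": []}
    try:
        findings.update(parse_pe(data))
    except ValueError as exc:
        findings["flags"].append("not a PE: %s" % exc)
        return findings
    if "/windows/system32/" in norm and name not in KNOWN_SYSTEM32:
        findings["flags"].append("unfamiliar name in System32")
    if not findings["has_certificate_table"]:
        # Weak signal on its own: Microsoft's own binaries are mostly
        # catalog-signed and carry no embedded table either.
        findings["flags"].append("no embedded Authenticode signature")
    return findings


def build_sample_pe(timestamp: int, cert_size: int = 0) -> bytes:
    """Constructed minimal PE32 image (headers only) to exercise the parser."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    suspect = build_sample_pe(1224700000)          # unsigned, unfamiliar name
    print(triage(r"c:\windows\system32\sgdfsii.exe", suspect))
    print(triage(r"c:\windows\system32\kernel32.dll", build_sample_pe(1224700000, 0x1000)))
```

The compile timestamp is worth keeping in the findings: a file that claims to have been built days before it appeared in System32, with no vendor name anywhere, fits the thread's "no Google hits" reasoning, while a timestamp years in the past on a known Windows binary does not.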

Thanks

You’re welcome.

The file name (combined with the path) looks quite fishy... do you have any idea what the file could be related to?

Nothing according to Google: zero informative hits, and only those 3 I mentioned earlier, two of those in the forums.