VideoGet Installer - FP as Win32:Tibia-BZ[Trj]?

With the last two updates today, you have begun reporting the file videogetinstaller_trial.exe as the above Trojan. This file has been in one of my directories now for some time. I allowed Avast! to put the file in the Chest but do not believe it to be infected. To make sure that my file was the same as the one from the developer site, I downloaded it again. This time it was picked up by you as it was downloading.

The developer is Nuclear Coffee (www.nuclear-coffee.com) and the file was directly downloaded from their site by clicking on Download for VideoGet.

I did say in your software to notify you of the FP. Does that mean that you got a copy of the infected file?

Can you assure me one way or another as to whether it is a virus?

BTW, I am using the program installed by this installer. Avast does not see it as a virus.

A copy will be uploaded to avast on the next auto or manual update; you can initiate a manual update and pre-empt any wait for the next auto update.

I don’t know if it might be differences in the version of the installer.

In the meantime, you could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here (the URL in the address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

David,

I tried VirusTotal and it gave me 1:37 with the one being esafe that had it as WIN32:BANKER. It was clean elsewhere. Unfortunately I lost the URL. Is that what you need?

I noticed on the www.nuclear-coffee.com site they mention in their privacy section that they send info to their servers. Here is what they say:

"What information we collect and how we use it

During performance our software sends specific information to Nuclear-Coffee Software servers.

The information that is received by Nuclear-Coffee Software is:

* The current version and build number of software. This is needed in order to notify you of the latest service package and upgrade releases of software.
* The time and date of first program installation and the usage period. This information is collected to gain statistics on the period during which software was used.
* User's system Locale. The system locale information is needed for time calculations as different users are located at random GMT offsets.

The information sent to Nuclear-Coffee Software servers does not concern any personal user information such as name, gender etc."

Could this explain why your software feels the installer contains a Trojan? If so, how do you determine if VideoGet is or is not malware or does that rest on me?

As I mentioned, your software did not see a problem with the file until now.

Also, could you tell me where I can find details on a particular virus like this on your site? I could not find it anywhere.

Thanks for any guidance.

Firstly it isn’t my software, I’m just an avast user like yourself.

I doubt that that would be the reason as the win32:tibia is associated with game thief/password stealer so I don’t think that kind of activity would be taken for that, but I don’t know.

It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

There has just been a VPS update recently, so ensure you have the latest VPS and scan the file again; if it isn’t detected, that is fine. If it is detected, I would suggest submitting it to avast for further analysis as a possible false positive. Check the information on how to report to avast and exclude the file from scans at the link I gave.