Weird files in my pc

I am not able to finish full scanning of my pc but it already found one malware. The file is meta4.exe-detected as win32:rootkit-gen [rtk]. (Probably because of the heuristic analysis of Avast!). I tried searching it at the internet and this is malware according to some virus companies like prevx. According to the descriptions of prevx, it is a backdoor trojan. It has also some variants mota113.exe , which has ADS (alternative data streams and TM HijackThis detects it) and x2.64.exe. I cannot upload meta4.exe to virustotal because avast! already blocks it. The other 2 files are detected by four or five other virus engines.
The files came with the program Super (c), which a video/music file converter. Super can be downloaded from http://www.erightsoft.com/SUPER.html .

VirusTotal show that some AV’s detect the super installer as malware. See http://www.virustotal.com/analisis/cfed07eb05ee80ed2d53ace04bf162e9 .

I use Avast Home 4.8. Any help? Should I uninstall super?

Not really. avast does not have a heuristic module, just generic signatures.
But avast 4.8 has an antirootkit module.

If it is reported in VirusTotal… no doubt… I’ll remove it.
Please, edit the link to not leave a live link to malware here in forums.

What do you mean by unable to finish full scanning ?
The Home version (if that is what you have ?) requires interactive input from the user when a virus is detected, once you choose what action to deal with it then avast should continue scanning.
So can you be more specific about what happened ?

Interestingly avast doesn’t detect it in your VT results. What VPS version do you have 080413-0 is the latest ?

Must of those detections on VT appear to be heuristic, so there is still a possibility it could be a false positive. So I would suggest you send it to avast for further analysis.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t there already) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Interesting - me too, have the same problem with “SUPER” the converting program - I had a older version runing without any problems (and stupid me, as I should have known better) I wanted to UPDATE my SUPER to the newest version and - like you - got that MOTA.113.exe - dedected by my AVAST-VirusScan. Now each time I am opening that lousy new version of SUPER immediately my AVAST screams to have dedected MOTA113.exe but I cannot get rid of it! Needless to say that SUPER also does not work anymore… fog54@gmx.net Vienna

Hm … Weird.

SUPER is supposed to be a legitimate program. Something must’ve gone wrong during the new version.

Uninstall it for now. And perhaps contact the author of the software. Push him/her to fix the problem.

went to the super forum, and he says that mota is considered a worm because that file is encrypted, and several antivirus programs recognize this type of encryption, but others consider it dangerous. Just got this warning when I scanned my comp.

Don’t post twice the same, just double the effort of help.
Follow: http://forum.avast.com/index.php?topic=37051.0;topicseen

message deleted, responded under wrong subject