Win 32: Trojan-gen {UPX}

Viruses and worms
1

I get all kinds of Avast sirens whenever I open an eBook file that I created on my computer using a program called Natata. This does not seem to have affected my computer in any way other than the annoyance of the warning. I can open the affected file and read the eBook as before. It has been doing this for some time now so I am wondering what is causing this. I read quite a few comments on this forum about the Trojan-gen {UPX} but nothing that really says what it is and what harm it might do. Your comments would be appreciated.

2

can you scan the file with www.virustotal.com and post the results here?

3

You can view the rusults at the url below
http://www.scottylive.com/total_virus/VirusTotal%20-%20Free%20Online%20Virus%20and%20Malware%20Scan%20-%20Result.htm

4

ok, send the file to virus[at]avast[dot]com in a password protected archive and “false positive - trojan-gen” as subject, pls…

5

I have password protected the file and sent it to Avast. What happens now? Will they contact me?

6

we’ll do a further analysis of the sample (and probably confirm the false positive and fix that) :wink:

7

Ok, thanks for your help. I will wait and see what happens.

8

I have this Trojan-gen. Runing Avast, it is impossible to send him to “quarentene”. Message: error.
Can you give me any help? Thank you.

Antivírus Versão Última Atualização Resultado
AhnLab-V3 2008.2.1.10 2008.01.31 -
AntiVir 7.6.0.59 2008.01.31 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.02.01 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.01.31 -
BitDefender 7.2 2008.02.01 Trojan.Generic.25641
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.92 2008.01.31 -
DrWeb 4.44.0.09170 2008.01.31 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5501 2008.02.01 -
Ewido 4.0 2008.01.31 -
FileAdvisor 1 2008.02.01 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 W32/DLoader.DEZO
Ikarus T3.1.1.20 2008.02.01 -
Kaspersky 7.0.0.125 2008.02.01 -
McAfee 5220 2008.01.31 -
Microsoft 1.3109 2008.02.01 -
NOD32v2 2841 2008.02.01 -
Norman 5.80.02 2008.01.31 -
Panda 9.0.0.4 2008.01.31 -
Prevx1 V2 2008.02.01 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.02.01 -
Symantec 10 2008.02.01 Trojan Horse
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 suspected of Downloader.Zlob.5 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.01.31 -
Webwasher-Gateway 6.6.2 2008.02.01 -
Informações adicionais
File size: 3928064 bytes
MD5: 41e3ee296090fd9ba909cf1a8393e40c
SHA1: 936af230de4ebe92726b804ff513a84fdea816f6
PEiD: -

9

I got two updates from Avast today and decided to see if maybe it fixed my problem and sure enough it did. All the bells and sirens went away and the Natata Program is working fine again. Thanks so much for you help.

10

leonor: we can’t help you without knowing anything about the file… can you tell us at least the name and location of the file?

11

Yes, I think I can:

C:\Documents and Settings\My Name\Definições locais\Application Data{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi\Data1.cab|oovooinst.exe

Is this what you ask for?
Running Avast, making Quarantine, the final report indicates error.
Thank you.
Leonor

PS: Error 42111