I did a thorough scan of my PC (Win XP Home-SP3) with Avast 4.8.1229 Home (Definition 081109-0, 11/09) and it detected a virus:
11/8/2008 5:43:32 PM User 3736 Sign of “Win32:PureMorph [Cryp]” has been found in “C:\Program Files\wings3d_0.98.36\bin\inet_gethost.exe” file.
inet_gethost was installed by the Wings3D installer, which I downloaded from www.wings3d.com around 12/2007.
I uploaded the file to VirusTotal and got this result:
http://www.virustotal.com/analisis/cb68988ad28778a13832b82204ebe81b
Antivirus Version Last Update Result
AhnLab-V3 2008.11.7.1 2008.11.08 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.08 -
Avast 4.8.1248.0 2008.11.08 Win32:PureMorph
AVG 8.0.0.161 2008.11.08 -
BitDefender 7.2 2008.11.09 -
CAT-QuickHeal 9.50 2008.11.08 -
ClamAV 0.94.1 2008.11.09 -
DrWeb 4.44.0.09170 2008.11.09 -
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6198 2008.11.07 -
Ewido 4.0 2008.11.08 -
F-Prot 4.4.4.56 2008.11.08 -
F-Secure 8.0.14332.0 2008.11.09 -
Fortinet 3.117.0.0 2008.11.08 -
GData 19 2008.11.09 Win32:PureMorph
Ikarus T3.1.1.45.0 2008.11.09 Virus.Win32.PureMorph
K7AntiVirus 7.10.520 2008.11.08 -
Kaspersky 7.0.0.125 2008.11.09 -
McAfee 5428 2008.11.08 -
Microsoft 1.4104 2008.11.09 -
NOD32 3597 2008.11.08 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.08 -
PCTools 4.4.2.0 2008.11.08 -
Prevx1 V2 2008.11.09 -
Rising 21.02.52.00 2008.11.08 -
SecureWeb-Gateway 6.7.6 2008.11.09 -
Sophos 4.35.0 2008.11.08 -
Sunbelt 3.1.1785.2 2008.11.08 -
Symantec 10 2008.11.09 -
TheHacker 6.3.1.1.146 2008.11.08 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.09 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.08 -
Additional information
File size: 24576 bytes
MD5…: 752b0a75f367ab802557c353b002e041
SHA1…: 45aa3b099045167488611cd2e2a6e6f456472577
SHA256: ff0d2746092f50fb594cfe6448f804f77c201804e4b220bf56e7e287a67de20a
SHA512: 611b14d1949f027133ad8f6cb9eb0decf089357e6341e90337750cb30c35dc84
66ad5bcae58b5b3e83e37b79de3ec39c9ee410a04a9cbfd84f8f1ff3d781ea4a
PEiD…: -
TrID…: File type identification
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403580
timedatestamp…: 0x455070fa (Tue Nov 07 11:41:46 2006)
machinetype…: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2700 0x3000 5.47 d7067c5f0957609a20a80d0b20e5742b
.rdata 0x4000 0x4c4 0x1000 1.89 1e894b9f1bfa50fc01096762b5390f09
.data 0x5000 0xd58 0x1000 4.36 143631fd488f0fbf134c8f5655c814fb
( 3 imports )
MSVCRT.dll: _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _controlfp,
_initterm, __getmainargs, __p___initenv, _XcptFilter, _exit, realloc, malloc, vsprintf, sprintf,
_errno, exit, strncpy, _beginthreadex, free, _iob, fprintf, getenv, _except_handler3, atoi, _getpid
KERNEL32.dll: SetConsoleCtrlHandler, DeleteCriticalSection, CloseHandle, ResetEvent,
EnterCriticalSection, LeaveCriticalSection, SetEvent, CreateEventA, InitializeCriticalSection,
GetCurrentThreadId, WriteFile, ReadFile, GetStdHandle, WaitForSingleObject, GetLastError,
WaitForMultipleObjects, AllocConsole, GetEnvironmentVariableA
WS2_32.dll: -, -, -, -, -
( 0 exports )
According to the Wings3D forum, inet_gethost.exe is necessary to run Wings3D:
http://nendowingsmirai.yuku.com/reply/2263/t/inet-gethost-exe-to-run-Wings3D.html
I’ve put the file in the Virus Chest, and I’ve already e-mailed it to Avast. Since VirusTotal only showed 3 positives, is it a false positive?