Win32:Tiny-WL & Alcohol 120% software w/ wesite?

Iam getting a Win32:Tiny-WL from Alcohol 120% software that was downloaded from there site, and when i click on the link to report virus form to fill out
that comes up, but also with also come up and its some religiosity site, i dunno whats going on here i have scanned my entire system and found no viruses
I was already told that the Alcohol 120% is safe and it was a false positive.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see, how to report it to avast! and what to do to exclude them until the problem is corrected.

Already was told it was am false positive, as i posted and was told to update my iavs i had and that was almost a month ago i was told after this i wont getting an alert but iam still getting it

Hope they correct the false positive soon…

also…Cant download Fairuse wizard 2 lite version Avast say Win32:Adware-gen detected! I heard great this about this program after this came up i did do a search in forums of other things detected, but nothing was ever found with avast i have the latest home version with the latest updates, i can even d/l the software iam forced to abort the download

As a workaround, you need to use the Exclusion lists and boot.

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.

All the more reason to send the sample to avast for further analysis as something has clearly changed.

so it is a false positive then and its safe to use??

We simply can’t answer that based on the info you have given, which is why I suggested checking at virustotal.

I don’t know who told you it was an FP or what file version of alcohol 120% or from when as the previous confirmed FP relating to this was a while ago and was corrected. So if it is back something has changed (signature update, file version update, etc) so it needs confirmation again.

I sent the file, i couldnt sent it normally since it was 8mb so i broke it up in the zips

as for fairuse wizard 2 here is the false positive virus claim,com_smf/Itemid,91/action,search2You Tell Me

This is what i got with VT:

File Alcohol120_retail_1.9.7.6022.exe received on 10.01.2008 02:28:05 (CET)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED
Result: 5/36 (13.89%)
Loading server information…
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they’re generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click “request” so the system sends you a notification when the scan is finished.

Antivirus Version Last Update Result
AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 2008.09.30 -
Authentium 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 Win32:Tiny-WL
AVG 2008.09.30 -
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 2008.09.30 -
eSafe 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 -
Fortinet 2008.09.30 -
GData 19 2008.10.01 Win32:Tiny-WL
Ikarus T3. 2008.10.01 Virus.Win32.Tiny.WL
K7AntiVirus 7.10.478 2008.09.30 -
Kaspersky 2008.10.01 -
McAfee 5394 2008.09.30 -
Microsoft 1.4005 2008.10.01 -
NOD32 3484 2008.09.30 -
Norman 5.80.02 2008.09.30 -
Panda 2008.09.30 -
PCTools 2008.09.30 -
Prevx1 V2 2008.10.01 Worm
Rising 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 -
Sophos 4.34.0 2008.10.01 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 2008.09.30 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 2008.09.30 -
Additional information
File size: 9009024 bytes
MD5…: 5cabf8181c232911a9f280228c6470f1
SHA1…: 70fe620072ad961967ccda8684571ea35c281814
SHA256: a2bf658de2850b8aa0e7a10ac6cda3605b0c44b034670d8951a5b54fe1b63083
SHA512: 09e2076931c57f1ed013c8052d56845e5ed21817d5f2e4662245fe7c21dc4319
PEiD…: -
TrID…: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403fb9
timedatestamp…: 0x476cbb7c (Sat Dec 22 07:23:40 2007)
machinetype…: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5aa2 0x5c00 6.44 e321260168f6f6365b377540be87fec2
.rdata 0x7000 0x1444 0x1600 5.09 4cbe08bbc7026a4b316e252f05a78951
.data 0x9000 0x1b074 0x200 1.25 ece212d94e773e09c21e94bb7f89f78c
.ndata 0x25000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x30000 0x88e800 0x88e800 8.00 a971c4953e96c59ddf5b9c0787e953f0

( 8 imports )

COMCTL32.dll: -, ImageList_AddMasked, ImageList_Destroy, ImageList_Create
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
KERNEL32.dll: GetModuleHandleA, SetErrorMode, GetExitCodeProcess, WaitForSingleObject, ExpandEnvironmentStringsA, GetEnvironmentVariableA, lstrcmpiA, CloseHandle, SetFileTime, GetFileAttributesA, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, LoadLibraryA, ExitProcess, GetCurrentProcess, CopyFileA, lstrcpynA, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, GetTempFileNameA, lstrcpyA, lstrlenA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetSystemDirectoryA, RemoveDirectoryA, GlobalFree, MulDiv, GetProcAddress, FreeLibrary, MultiByteToWideChar, DeleteFileA, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA
USER32.dll: SetWindowTextA, SetTimer, DestroyWindow, CreateDialogParamA, ExitWindowsEx, CharNextA, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, ScreenToClient, GetMessagePos, CallWindowProcA, IsWindowVisible, LoadBitmapA, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuA, CreatePopupMenu, GetSystemMetrics, EndDialog, SetClassLongA, IsWindowEnabled, SetWindowPos, DialogBoxParamA, GetClassInfoA, CreateWindowExA, SystemParametersInfoA, RegisterClassA, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, PeekMessageA, DispatchMessageA, InvalidateRect, SendMessageA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, DefWindowProcA
GDI32.dll: GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SetBkColor, SelectObject
ADVAPI32.dll: RegDeleteKeyA, RegEnumKeyA, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegCloseKey
SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetMalloc, SHGetSpecialFolderLocation, SHFileOperationA, SHGetPathFromIDListA
ole32.dll: OleUninitialize, OleInitialize, CoCreateInstance

( 0 exports )
Prevx info:

and here is the info on fairuse wizard 2 from VT :

File FU-Setup_LE.exe received on 10.01.2008 02:34:29 (CET)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED
Result: 2/36 (5.56%)
Loading server information…
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they’re generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click “request” so the system sends you a notification when the scan is finished.

Antivirus Version Last Update Result
AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 2008.09.30 -
Authentium 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 Win32:Adware-gen
AVG 2008.09.30 -
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 2008.09.30 -
eSafe 2008.09.30 -
eTrust-Vet 31.6.6118 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 -
Fortinet 2008.09.30 -
GData 19 2008.10.01 Win32:Adware-gen
Ikarus T3. 2008.10.01 -
K7AntiVirus 7.10.478 2008.09.30 -
Kaspersky 2008.10.01 -
McAfee 5395 2008.10.01 -
Microsoft 1.4005 2008.10.01 -
NOD32 3484 2008.09.30 -
Norman 5.80.02 2008.09.30 -
Panda 2008.09.30 -
PCTools 2008.09.30 -
Prevx1 V2 2008.10.01 -
Rising 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 -
Sophos 4.34.0 2008.10.01 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 2008.09.30 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 2008.09.30 -
Additional information
File size: 8214801 bytes
MD5…: c12ff23dde2257a91e59da88c9dcdda1
SHA1…: 9312a535e9dd9034f50c2e62ec6199a9cd035b8b
SHA256: 5cc46ecb7d51f4aeffa597a9864777f75ada6f8a4be430870fde0251742aa0b1
SHA512: 7898a55a24050d42c211d2da9a46875954e5e879cdc4fe2ad69494c9e1a8e5d1
PEiD…: -
TrID…: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40998c
timedatestamp…: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype…: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x909c 0x9200 6.55 5c85f6eca8dd457c844f53af07a11be7
DATA 0xb000 0x24c 0x400 2.73 e79cf3fe610f881d632107e630eb8d98
BSS 0xc000 0xe3c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x950 0xa00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xf000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8b0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x17b84 0x17c00 4.85 2a67077ee2bbad38baa408c861979558

( 8 imports )

kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll: MessageBoxA
oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll: WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll: TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll: InitCommonControls
advapi32.dll: AdjustTokenPrivileges

( 0 exports )

According to Prevx, Alcohol120_retail_1.9.7.6022.exe is known malware belonging to the Malware Group: I-Worm/Stration DTP

A ScanDoo/Google search finds too many bad sites associated with this version Alcohol 120.
The first image below is just a small sample of the bad results.

As for Fairuse wizard 2, I do not have the executable and therefore can not find information about it.
But, there are also too many bad sites associated with the program itself.
See the second image below. Again, this is just a small sample of the bad sites.

As for me, I would not use any program with so many bad associations. But, the computer is yours as is the choice, also.

Thx puppetj for sending file to Retail version of Alcohol120 is falsely detected by Avast (so Prevx1 and Ikarus). Other versions is false alerts free. This false positive alert will be fixed in VPS 081001-0.

Thanks for the updated info, misak. :slight_smile:

Thanks to puppetj for taking the time to analyse and report this.

Thanks for the update misak.