Win32 Trojan:gen {Other}

Hi there, here’s the path and log entry for the suspect file:

Sign of “Win32: Trojan-gen {Other}” has been found in “C:\ProgramFiles\EasyDVDCreator\keygen.exe” file.

I uploaded it to VirusTotal, here’s the results:

File keygen.exe received on 12.22.2007 01:30:15 (CET)
Antivirus Version Last Update Result
Result: 8/32 (25.00%)
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Suspicious_F.gen
Panda - - -
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - Mal/Packer
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Win32.Malware.gen#FSG (suspicious)

Additional information
MD5: 1b061d98b529aec05974aa9375c648cd
SHA1: 626d4f7ce1fc02ae9a3ef3a1ef2f03d752ad2caa
SHA256: 2d3883a2c6948d2412268d2618e3e20725b8b50b036c93076ee78a589257d8c2
SHA512: 01356afec51d99051b6885e76757519d6f5eecd87d9bfd8005cc6320a3c0fbf28fbba745cbf4e8cfd4760d8c9f969a22afaa1384390594ea380ce916836c1823

Given that the results were 8/32, with 5 of the 8 reported as suspicious, would this qualify as a false positive? Should I send the zipped file to Avast? Thanks in advance for any help.
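The arithmetic in the question (8/32 flagged, 5 of those only "suspicious") is the usual first triage step for a possible false positive. As an added example that is not from the thread, this Python script parses VirusTotal text rows like the ones quoted above, separates heuristic and packer flags from named-family detections, and applies the same reasoning; the excerpt of rows and the regex markers are constructed for illustration.

```python
import re

# Constructed excerpt of the VirusTotal text report quoted above: the eight
# engines that flagged keygen.exe plus two that reported it clean.
# Row format: "Vendor - Version - LastUpdate Result"; "-" in the result means clean.
VT_REPORT = """\
AhnLab-V3 - - -
Avast - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
eSafe - - suspicious Trojan/Worm
Norman - - Suspicious_F.gen
Prevx1 - - Generic.Malware
Sophos - - Mal/Packer
Sunbelt - - VIPRE.Suspicious
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Win32.Malware.gen#FSG (suspicious)
"""

# Result strings produced by heuristic or packer rules rather than a known
# family name; these are the usual source of false positives (assumed markers).
SUSPICIOUS = re.compile(r"suspicious", re.I)
GENERIC = re.compile(r"generic|\.gen\b|heur|packer|packed", re.I)


def parse_rows(text):
    """Yield (vendor, result) for each 'Vendor - - Result' row."""
    for line in text.splitlines():
        parts = line.strip().split(" - - ", 1)
        if len(parts) == 2:
            yield parts[0], parts[1]


def tally_report(text):
    """Count rows and split detections into suspicious / generic / named."""
    t = {"total": 0, "detected": 0, "suspicious": 0, "generic": 0, "named": []}
    for vendor, result in parse_rows(text):
        t["total"] += 1
        if result == "-":
            continue
        t["detected"] += 1
        if SUSPICIOUS.search(result):
            t["suspicious"] += 1
        elif GENERIC.search(result):
            t["generic"] += 1
        else:
            t["named"].append(f"{vendor}: {result}")
    return t


def verdict(t):
    """Thread's reasoning: only heuristic/packer hits -> probable FP, send the sample."""
    if t["named"]:
        return "named-family detections: treat as malicious"
    if t["detected"]:
        return "only heuristic/packer flags: probable false positive, submit sample"
    return "clean"
```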

Not so sure… by the name of the file, it seems suspicious…

It will be good: virus (at) avast (dot) com.

I too would say it is suspicious based on the file name alone; I can’t see what EasyDVDCreator needs a key generator for?

You can say 5/32, as in the VT scan avast doesn’t pick it up; this is because VT isn’t able to update the avast VPS in real time, so the user’s version is more up to date.

Keygens often come bearing other gifts. And who would you report it to, as keygens are used to circumvent having to pay for a registration key? Is this a legit copy of EasyDVDCreator?

Whatever, it needs further investigation.

I’ve had the program installed for over a year and actually forgot it was on my computer. I downloaded it as free trial software, but never bought the full version because I didn’t use it much. Maybe the keygen is there in order to upgrade from trial to paid software?

I have sent the zipped file to avast for investigation. Do you recommend any further actions? Thanks much for your help.

If you sent it to the chest, leave it in there, where even if it is malicious it can do no harm. Periodically open the avast chest and scan the file from within the chest; when it is no longer detected (possibly), then you can restore it to the original location.

However if you only downloaded it as a trial and don’t use it you could uninstall the program.

Welcome to the forums.

False positive alert will be fixed in next VPS update (080708-0)

that’s awesome. thanks so much for all your help everyone. ;D

You’re welcome, glad it was quickly resolved for you.

I too have the same problem;

File Name: C:\System Volume Information_restore{FF3577ED-64A5-4BFA-ABF
Malware Name: Win32:Trojan-gen {Other}
Malware Type: Virus/Worm

Can anyone help me please. :frowning:

Whilst the full details of the file name aren’t there, that’s not too important in this case.

There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

  • Worst case scenario: it isn’t infected and you delete it; you can’t use that restore point in the future, not much of a loss, and the older the restore point is, the less of an issue it is. So if there is any suspicion about a restore point, then it is best removed from the system volume information folder, or it could bite you in the rear at some point in the future when you use system restore, if it included that restore point.

So what action did you choose when it was detected?
Move to the chest is by far the best option, first do no harm (applies to most standard detections).
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks.
If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.