Win32:Trojan-gen{UPX!}

Hi,

After updating AVAST with the library of 07-06-2004, I receive two files which contain the Win32:Trojan-gen{UPX!} virus according to Avast.
Before the new library I didn’t receive this message.
Looking in the history of the forum, I read an article which was more or less the same.
The result was that it was not a virus but false alarms.

http://forum.avast.com/index.php?board=4;action=display;threadid=1006

The files I am talking about are the singleplayermappack0304.exe and singleplayermappack0404.exe (additional files for the game Blitzkrieg).

Please help me on this issue, is the virus true or false?

Thanks in advance

A large bunch of Trojan-gen detections was added in this update, so it could be either a newly detected trojan or a false positive. The best way is to send the sample to virus@avast.com for analysis…

Thanks for your cooperation
Pavel

Is virus@asw.cz still a valid mail for submissions? I sent some files to this mail something like an hour ago.

Yes, it is valid as well. And I have seen your post - it is most probably an FP. We will wait till tomorrow to see if some other FPs pop up and release a new update with corrected definitions afterwards.

Thanks for your cooperation
Pavel

I believe this to most definitely be a false detection.

Here is my reasoning

I posted a thread for a help tool here and a user reported that a Trojan was contained in rockXP.exe - baffled by this, since I use AVAST and Trend online, I took it for a false and thought nothing of it.

Moments ago AVAST updated itself and reported several files in My docs backups folder had the same Trojan as mentioned above. These files were self extracting archives which I made using WinRAR, so I extracted the contents and scanned the contents separately to the self extracting archive. The contents were clean every time but the sfx archive exe file was reported to have the Trojan. So I re-compressed the contents to .rar format, not .exe, and no more problems.

Now, confused by this, I scanned the WinRAR installer as it is a self extracting installer too, and the file Default.SFX was reported to be the Trojan (as mentioned above). WinRAR was downloaded fresh from rar labs too, so could not have been infected locally by any chance.

If that's not enough, then NERO uninstaller also had the same alert - again, a self extracting uninstaller.

It seems that any file which has the default.sfx or anything similar is reported to have this Trojan which makes more and more sense that this is in fact a false detection is it not?

Finally I extracted RockXP.exe and scanned each file, all clean, the contained self extracting rockXP.exe obviously was created using winRAR or something as the same results as above.

Hopefully this issue will be fixed in the next update!
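Added example, not part of any post in this thread: the manual check described in the post above (separating a WinRAR self-extractor's stub from its payload and seeing whether every flagged file shares the stub that ships as Default.SFX) can be scripted as below. The file names and byte strings are constructed samples, and treating the first RAR marker after the MZ header as the stub/archive boundary is a simplifying assumption.

```python
import hashlib

# Signatures that open a RAR archive (RAR 1.5-4.x, then RAR 5.x).
RAR_MARKERS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

def split_sfx(data):
    """Split a RAR self-extractor into (stub, archive); None if it is not one."""
    if not data.startswith(b"MZ"):          # stub must be a DOS/PE executable
        return None
    hits = [pos for pos in (data.find(m, 2) for m in RAR_MARKERS) if pos != -1]
    if not hits:                            # plain EXE with no embedded archive
        return None
    cut = min(hits)                         # assumption: first marker = archive start
    return data[:cut], data[cut:]

def stub_sha256(data):
    """SHA-256 of the executable stub only, ignoring the appended archive."""
    parts = split_sfx(data)
    return hashlib.sha256(parts[0]).hexdigest() if parts else None

def compare_to_reference(reference_stub, flagged):
    """Map each flagged file name to True if its stub equals the reference module."""
    ref = hashlib.sha256(reference_stub).hexdigest()
    return {name: stub_sha256(blob) == ref for name, blob in flagged.items()}

# Constructed stand-ins: real input would be the bytes of Default.SFX and of
# each file the scanner flagged.
DEFAULT_SFX = b"MZ" + bytes(62) + b"constructed-sfx-module"
OTHER_STUB = b"MZ" + bytes(62) + b"constructed-other-module"
SAMPLES = {
    "backup1.exe": DEFAULT_SFX + RAR_MARKERS[0] + b"payload-one",
    "backup2.exe": DEFAULT_SFX + RAR_MARKERS[0] + b"payload-two",
    "other.exe": OTHER_STUB + RAR_MARKERS[0] + b"payload-one",
    "backup1.rar": RAR_MARKERS[0] + b"payload-one",   # no stub at all
}

if __name__ == "__main__":
    for name, same in compare_to_reference(DEFAULT_SFX, SAMPLES).items():
        verdict = "same stub as reference" if same else "different stub or not an SFX"
        print(f"{name}: {verdict}")
```

Identical stub digests across otherwise unrelated files show the alerts trace to one shared component, which is the file to submit to the vendor for analysis.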

I have a similar situation. During a scan for malware, avast found the Win32: trojan-gen. I deleted the file that was infected.
It never found this trojan before. Very strange. ???

3 of my .exe files are getting this alert as well. I know it's a false positive as I have tested the files with 2 online scanners and a couple of free scanners, nothing. The sooner this is fixed the better as I have had to remove Avast temporarily as I couldn’t take the constant sirens going off :smiley:

Simon

I’m also getting RockXP 3.0 reported as a trojan. I’m sure it’s a false positive, as this was directly downloaded from MajorGeek and has passed all previous virus/spyware scans.

For me >:( >:(, false positives of Win32:Trojan-gen{UPX!} in the files:

C:\Program files\themexp\Themexp.org File\53793.zip+§ ã·¦§\Windows MAX Unleashed v1.5.exe [L] Win32:Trojan-gen. {UPX!}

And AutoIt scripts that I myself wrote (Pavel, I sent some of these files before) >:(

D:.…\AutoIt\Dial-up.exe[UPX] [L] Win32:Trojan-gen. {VC}
D:.…\AutoIt\Speed Disk at Startup.exe[UPX] [L] Win32:Trojan-gen. {VC}
D:.…\AutoIt\Atualizar Anti-VÝrus.exe[UPX] [L] Win32:Trojan-gen. {VC}

I hate false positives, it makes me lose a lot of time :'( :'(

Yup. I’m getting it with default.sfx which is contained within the WinRAR distribution. Yet it checks out OK with TrojanHunter, TDS-3, Tauscan and Trend Micro HouseCall.

I believe this also to be a false positive. File has been sent to Alwil for inspection.

Same here, did full scan with TrojanHunter and DrWeb… Nothing.

Avast just went off again on another Win32:Trojan-gen, I clicked on Delete file and the window went away. I went into the virus chest and there is nothing listed. I also went into log viewer and nothing is listed there. How do I know it deleted? Is this a false pos. or is it really a Trojan? This is irritating, maybe I’ll try online scans to see if it comes up with anything.

Pavel, what about my thread here, is it most likely a FP too?

I’m ecstatic you added more trojan definitions! I can deal with a couple false positives here and there, and once we work past these few, everything should be rosy…

Keep up the good work.

Hi,

Just updated the library with 0424-1 and restored my files which were in the virus chest.
This time there was no detection of Win32:Trojan-gen{UPX!}.
I don’t know what you did, but somehow you found the solution.

Thanks a lot,

This is one of the reasons why I am using Avast :wink:

They removed false positives :stuck_out_tongue:
Overall I feel more secure if I encounter a false positive than none. This just proves that AV is more sensitive to threats. In the meantime those FPs are safely stored in Chest :slight_smile:

Please, ask Vlk to allow the VPS update of the Beta version of avast…

I want to get rid of the 424-0 8)
The Beta version stays on the old VPS and I cannot update! :frowning:

I have W32:trojan-gen {VC} in windows autoload.exe 3 computers. It started today after auto update. I am using winxp home (2) and xp pro (1).