Win32: Trojan-gen {VC}

Viruses and worms
1

I downloaded and installed a file from download.com the other day that came up clean on one computer, but had a virus on the other. (Avast on both.) After updating Avast, the virus was found on both computers.

Answers to http://forum.avast.com/index.php?topic=14433.0:

  1. Upon completion of the download. An older version of Avast did not detect the virus. (I downloaded and installed it on my other computer.)
  2. Source: (Edited) www.download.com (Auto Macro Recorder v4.8.)
  3. Today.
  4. C:\Temp\auto.zip\Setup.exe{app}\autofile.exe
  5. http://img144.imageshack.us/img144/2639/avastwordingmh0.jpg
  6. #5 is the message I get when scanning the file.
  7. Jotti scan:
    File: auto.zip
    Status: OK(Note: file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
    MD5: 99dd2ea06f0f4db37b6654cc6cac961b
    Packers detected: -
    Bit9 reports: No threat detected (more info)
2

Please, don’t post live links to malware or false positives!

3

Oh? Sorry about that. Question number 2 asks for the address/URL of the file. Did I misunderstand? ???

4

You can edit your first post…

Not following you… what help do you need?

5

From the sticky. http://forum.avast.com/index.php?topic=14433.0

6

VirusTotal scan:

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Trojan-gen {VC}
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Covert Attributes
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

I’m leaning toward false positive. Any help/advice is appreciated. I will send an email to virus@avast.com if you think it’s the right thing to do.

7

Thx for good suggestion (VirusTotal, etc…). False positive alert will be fixed in next VPS update