I’ve just downloaded a programme called ultra_rmconverter-trial.exe from Sharewaregudie.net and avast has alerted me to the virus win32 trojan-gen {vc}. I’m relatively new and inexperienced in the computer world and was wondering if anyone can tell me exactly what it is and what my next step should be.
Hope someone can help, thanks for your time
Kev…
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Another possibility is JOTTI. VirusTotal and Jotti both have a file size limit of 10Mb.
This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
Hi again, I followed your instruction and sent the file off for test. I’m still none the wiser as to what the results mean; as I said in my earlier post, I’ve no knowledge of this kind of thing. I’ve copied and pasted the results below. If you would be so kind as to have a look at them, it would be much appreciated… Cheers…Kev…
File ashChest.exe received on 05.03.2008 18:49:30 (CET)
Result: 1/31 (3.23%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.02 -
AntiVir 7.8.0.11 2008.05.02 -
Authentium 4.93.8 2008.05.02 -
Avast 4.8.1169.0 2008.05.03 -
AVG 7.5.0.516 2008.05.03 -
BitDefender 7.2 2008.05.03 -
CAT-QuickHeal 9.50 2008.05.03 -
ClamAV 0.92.1 2008.05.03 -
DrWeb 4.44.0.09170 2008.05.03 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5755 2008.05.03 -
Ewido 4.0 2008.05.03 -
F-Prot 4.4.2.54 2008.05.02 -
F-Secure 6.70.13260.0 2008.05.03 -
Fortinet 3.14.0.0 2008.05.03 -
Ikarus T3.1.1.26 2008.05.03 -
Kaspersky 7.0.0.125 2008.05.03 -
McAfee 5287 2008.05.02 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3072 2008.05.03 -
Norman 5.80.02 2008.05.02 -
Panda 9.0.0.4 2008.05.03 -
Prevx1 V2 2008.05.03 Malicious Software
Rising 20.42.22.00 2008.04.30 -
Sophos 4.29.0 2008.05.03 -
Sunbelt 3.0.1097.0 2008.05.03 -
Symantec 10 2008.05.03 -
TheHacker 6.2.92.300 2008.05.03 -
VBA32 3.12.6.5 2008.05.03 -
VirusBuster 4.3.26:9 2008.05.02 -
Webwasher-Gateway 6.6.2 2008.05.03 -
Additional information
File size: 66936 bytes
MD5…: 0a3c17ed18eb5817d912413559212f30
SHA1…: b880a96b2eeef829cf510f205cf6fddd09a75152
SHA256: 1a33bc73ff82a4c1cc49df4da6a953cb9c14a54251e1dafba6b5bb52349ce779
SHA512: b287a5796909962fe45b166400929f381c390787ac83819a7819c7d296a963d2
323a6171732e6f2acea6e3040216077fb7f45c929f84d39abf4eabe8685263db
PEiD…: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x402fc4
timedatestamp…: 0x47ed2c24 (Fri Mar 28 17:34:28 2008)
machinetype…: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2825 0x3000 5.32 d0e9f1fccc1ab66f3895931ce7c58abe
.rdata 0x4000 0x2d52 0x3000 5.44 7c01e4aeb00defd28409a0356b996e96
.data 0x7000 0x1a0 0x1000 0.13 1b07cf497af232e037267591d6279500
.ChestVi 0x8000 0x8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x9000 0x5ff8 0x6000 5.70 c91abd48a61ea08e707e4f1bb2c44962
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=021A46377813148905ED01CB9D4C59004F3A7F1D
ashChest.exe is the avast Chest, it’s safe, it’s clean…
You’re not supposed to submit this file to VirusTotal but the file that is shown in the virus alarm, the infected file, the ultra_rmconverter-trial.exe file.