WLXPhotoAcquireWizard.exe has Win32:Trojan-gen? False Positive perhaps??

Avast has alerted me that WLXPhotoAcquireWizard.exe has a trojan. It's part of Windows Live Photo Gallery.

I have not opened any attachments or email, have been browsing on known sites, so I’m thinking it may be a false positive. Anyone else have anything on this???

This just came up this morning with the latest virus definitions.

The text was as follows

7/19/2009 12:31:12 AM SYSTEM 1300 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe” file.

Hi Drew_NL,

Can you upload the file to www.virustotal.com to see whether it is a false positive?

You could also send the file in a password protected archive to virus(at)avast(dot)com with ‘potential false positive’ in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:

Right click avast icon in taskbar → click start avast antivirus → right click scanner background → click virus chest → navigate to user files → click add files → right click file → email to alwil software.

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to get it sent)

-Scott-

Two other computers do not return these results. All three running Windows 7 RC. Standard scans on all three show no viruses. Only the computer with the resident scanner set to high reports the line

7/19/2009 12:31:12 AM SYSTEM 1300 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe” file.

Avast is unable to move to chest and I have chosen to ignore this for the time being.

Anyone else running Windows 7 with the resident scanner set to High should be able to confirm this.

Drew

This was the point of uploading to virustotal, to see whether it is detected or not by other AVs.

Please can you do this and provide us with the link for the results?

Uploaded it

http://www.virustotal.com/reanalisis.html?9f04604c5d624f4ec278622a0d7f654d77e8a876de7b54252638dee968a15632-1248003964
http://www.virustotal.com/analisis/9f04604c5d624f4ec278622a0d7f654d77e8a876de7b54252638dee968a15632-1248002999

Hope that helps, also seem to have new virus,

Scanning of selected files

Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\Users\Drew\AppData\Local\Temp_avast4_\unp55487378.tmp
FileID: 0000000003 Original file name: C:\Windows\Temp\TMP0000DF6FF0968C1DB825FB7B New folder: C:\Users\Drew\AppData\Local\Temp_avast4_\unp55487378.tmp\3

Scan files in the temporary folder: C:\Users\Drew\AppData\Local\Temp_avast4_\unp55487378.tmp
C:\Users\Drew\AppData\Local\Temp_avast4_\unp55487378.tmp\3 VBS:Kak-A1 [Wrm]

Action was completed successfully!

This should have been emailed via the Chest.

Drew

0/40 detected – most likely a false positive.

If you have sent it to alwil they will have a look at it and update as necessary.

-Scott-

Got the same exact warning this morning when waking up, I also suspect it is a false positive. System is also running on Windows 7 RC.
I did a scan yesterday evening with ClamWin + Avast with the latest updates, and it did not report any problems by then. There were no activities on the computer after the scans, and I guess Avast detected what I’m hoping is a false positive after applying the 090718-1, 07/18/2009 Patch during the night.

Will follow this thread for updates. Thanks !

I’m actually getting a lot of what are probably false positives, my pagefile.sys from an XP drive that has not been booted in a month is apparently now infected as well.

http://virusscan.jotti.org/en/scanresult/588e0b6c3ecdf09e0ede752401d8d7377f0c2eef/c50692a09ac21287e1b83aaec5c0bf8fc5875b6b

Jotti shows two virus scanners that detect the malware, avast and Gdata.

So, after all, it seems like it was a false positive since G-Data uses avast as one of its own engines. Please report it as a false positive [on the lower right side of the virus detected dialog box].
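
The reasoning in the last post, as an added example that is not part of the original thread: parse the resident-scanner alert line quoted above, then count how many independent engines flag the file once products that embed another vendor's engine are collapsed. The scanner results, the `ENGINE_LINEAGE` map and all function names are constructed for illustration; only the G Data to avast relationship comes from the thread.

```python
import re

# Alert line format as quoted in the thread (curly or straight quotes accepted).
ALERT_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+\S+\s+\d+\s+'
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in '
    r'[“"](?P<path>[^”"]+)[”"] file\.$'
)

# Assumption: products that embed another vendor's engine. Only the
# G Data -> avast entry is stated in the thread; extend from vendor documentation.
ENGINE_LINEAGE = {"gdata": "avast"}

def _key(name):
    """Normalise a scanner name so 'G-Data', 'Gdata' and 'G Data' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def parse_alert(line):
    """Extract timestamp, signature name and file path from one alert line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("not a recognised alert line")
    return m.groupdict()

def independent_engines(results):
    """Set of distinct underlying engines that flagged (verdict is not None)."""
    keys = (_key(s) for s, verdict in results.items() if verdict)
    return {ENGINE_LINEAGE.get(k, k) for k in keys}

def triage(line, results, reporter="avast"):
    """Summarise whether any engine other than the reporter's corroborates."""
    alert = parse_alert(line)
    engines = independent_engines(results)
    return {
        "path": alert["path"],
        "signature": alert["sig"],
        "scanners_flagging": sum(1 for v in results.values() if v),
        "independent_engines": sorted(engines),
        "corroborated": bool(engines - {_key(reporter)}),
    }

# The alert line from the thread, plus a constructed multi-scanner result in
# which only avast and G Data flag the file (not real scan output).
SAMPLE_LINE = r'7/19/2009 12:31:12 AM SYSTEM 1300 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe” file.'
SAMPLE_RESULTS = {"Avast": "Win32:Trojan-gen {Other}", "G-Data": "Win32:Trojan-gen {Other}",
                  "ClamAV": None, "ExampleAV": None}

if __name__ == "__main__":
    print(triage(SAMPLE_LINE, SAMPLE_RESULTS))
```

An uncorroborated result supports the false-positive hypothesis but does not prove the file is clean, so submitting the sample to the vendor, as suggested earlier in the thread, remains the deciding step.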