worm?

I downloaded Tuneup Utilities. After scanning the .exe file, a Win32-Gen Trojan was found. I moved the file to the vault. I then uploaded the file to VirusTotal and these are the results:

File TU2008TrialEN.exe received on 07.30.2008 02:13:50 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Trojan-gen {Other}
AVG - - Downloader.Agent.AIRD
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.DownLoader.origin
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Trojan-Downloader.Win32.Agent.xdp
Fortinet - - -
GData - - Trojan-Downloader.Win32.Agent.xdp
Ikarus - - Trojan-Downloader.Win32.Tiny.bpp
Kaspersky - - Trojan-Downloader.Win32.Agent.xdp
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 85c069c24432b23c08e1b503102fc4d2
SHA1: efaaa3e2816d13cb148b32db1dc9d5d1c7152cc1
SHA256: 292eb21a3b671e14bf05bc0549b9e05a64027670ce215178ef6bcf98b53f505b
SHA512: 4d2d014be42dfea33f14e2c0dd81a2695d3bfd35bc1fe02c70af45a6d2be4d014132b575516ef87b3e4fb8765a1e6d5b7e855940aee8013a53c6ef023d6cabe1

Is this a false positive? What is the next step?

I tried to email the file to ALWIL but the file was too large. How do I send it?

It seems to me that many of the executable files downloaded from the web end up with some form of worm/trojan alert when scanned with AVAST. Any reason why this is so?

TKS

Firstly, contrary to your Topic Title, this is not a worm.

There are sufficient detections not to consider it a false positive. Though it isn’t conclusive and further investigation might be required.

Why do you think it might be an FP?
Not all that you download is what it says it is. There are lots of places you could download this and not all are trustworthy.

Did you download it from a trusted source?

I am sorry I chose the wrong nomenclature for the topic. I downloaded it from a binary group. I will keep the file in the vault and find a trusted site to download the program. TKs

You’re welcome.

Binary groups could effectively be sending anything or modifying the content of something in the installation.

If you have the same issue when downloaded from a trusted source, I think MajorGeeks has it also, then check against VirusTotal again. If you get the same results then also send it to avast as a possible false positive, as in the link below.

If it is a possible false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast!.

If you download from the official site, most probably a false positive.
Can you post the address of the webpage you’re downloading from?

The reason for the false positive detections is the deep change in the detection method of generic signatures that we’re seeing from last month…

He did more or less say where he got it from.

A binary group is basically Usenet and not a web site as such.
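
The replies above weigh how many engines flagged the file before calling it a false positive. As an added example (not code from this thread, avast! or VirusTotal), the Python below parses result rows in the layout pasted in the first post and tallies detections, distinct labels and shared label tokens. The function names and the rule that identical labels count as one opinion are assumptions made for illustration.

```python
import re
from collections import Counter

# Rows rebuilt from the report in the first post. Each row is
# "Engine Version LastUpdate Result"; "-" as Result means no detection.
CLEAN = ("AhnLab-V3 AntiVir Authentium BitDefender CAT-QuickHeal ClamAV eSafe "
         "eTrust-Vet Ewido F-Prot Fortinet McAfee Microsoft NOD32v2 Norman "
         "Panda PCTools Prevx1 Rising Sophos Sunbelt Symantec TheHacker "
         "TrendMicro VBA32 ViRobot VirusBuster Webwasher-Gateway").split()
DETECTED = [
    "Avast - - Win32:Trojan-gen {Other}",
    "AVG - - Downloader.Agent.AIRD",
    "DrWeb - - Trojan.DownLoader.origin",
    "F-Secure - - Trojan-Downloader.Win32.Agent.xdp",
    "GData - - Trojan-Downloader.Win32.Agent.xdp",
    "Ikarus - - Trojan-Downloader.Win32.Tiny.bpp",
    "Kaspersky - - Trojan-Downloader.Win32.Agent.xdp",
]
REPORT = "\n".join([f"{name} - - -" for name in CLEAN] + DETECTED)


def parse_report(text):
    """Map each engine to its label, or None when the Result column is '-'."""
    results = {}
    for line in text.splitlines():
        parts = line.split(None, 3)  # the label itself may contain spaces
        if len(parts) != 4 or parts[0] == "Antivirus":
            continue  # blank line, short line, or the column header
        engine, _version, _updated, label = parts
        results[engine] = None if label == "-" else label
    return results


def summarize(results):
    """Count detections, distinct labels, and engines sharing each label token."""
    hits = {e: label for e, label in results.items() if label}
    tokens = Counter()
    for label in hits.values():
        # "Trojan-Downloader.Win32.Agent.xdp" -> {trojan, downloader, win32, agent, xdp}
        tokens.update(set(filter(None, re.split(r"[^a-z0-9]+", label.lower()))))
    return {"engines": len(results), "detections": len(hits),
            # Assumption: engines that emit an identical name count as one opinion.
            "distinct_labels": len(set(hits.values())), "tokens": tokens}


if __name__ == "__main__":
    s = summarize(parse_report(REPORT))
    print(f"{s['detections']}/{s['engines']} engines, {s['distinct_labels']} distinct labels")
    print("most shared label tokens:", s["tokens"].most_common(3))
```

Running the same tally on a copy downloaded from a trusted source shows at a glance whether the detections follow the program itself or only the binary-group copy.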