Virus Detected?

Your antivirus report a virus in Lupo PenSuite? We can say you that it is a false positive.
The Suite is checked with different antivirus engines and it is completely clean.

HERE you can find more info about this problem.
Anyway you can write us and report the detection, so we can help you to solve the problem, fix it in the Suite and eventually report it to antivirus teams.

Hey,

my BitDefender also blocks the Files "Start.exe" and "Launcher/Manager/Manager.exe".
He reports "Trojan.Generic.1606558" detected.

Can you check this?
VirusTotal.com reports this result with BitDefender and GData. All others are clear, no virus-detection.

Edit: PenSuite 6.72

Thanks

They are obviously false positives, the "Start.exe" and the "Manager.exe" files are created by me for the Suite, compiled with AutoIt and compressed with UPX.
Please, it will be very important and helpful if you send these files to the antivirus house, so they could check them, verify that are clear and update their database. Thanks

Lupo73 wrote:Please, it will be very important and helpful if you send these files to the antivirus house, so they could check them, verify that are clear and update their database. Thanks

Done

Hi, Just signed up, and didn,t notice this group. I've just posted in the Requests and Advices group my message read
"Hi, Just came accross this site from nonags.com, I must say the layout and product seems outstanding. I decided to download the full version all 200 MB. I wasn't going to bother scanning it for viruses, but thought, better safe than sorry. So using AVG free edition with the latest definitions installed I scanned the file took about 15mins but the results took me back abit
"C:\Documents and Settings\Jon\Desktop\Lupo_PenSuite_v6.72_Full.exe";"Trojan horse VB.FWK";"Infected"
"C:\Documents and Settings\Jon\Desktop\Lupo_PenSuite_v6.72_Full.exe:\$JP\Apps\DShutdown\RDShutdown Setup Utility.exe";"Trojan horse VB.FWK";"Infected"
I havn't opened the .exe file, and will probably delete it, unless some reason why I would be getting false "infected" results.
I have also downloaded the lite and zero versions of your PenSuite, both of which scan clean as of 22:50 23/04/2009"
It just seems strange it only picks up the infection in only two of the .exe files of the largest download, and it's clean in the lite and zero editions. I will contact avg and let them know about your concerns regarding false results. Cheers JoFi

Further to my earlier post, It does appear that there is an infected file namely "RDShutdown Setup Utility.exe" After installing to my USB drive, I deleted the infected file and downloaded the program again, same build 1.72.1 from http://files.brothersoft.com/utilities/shutdown_software/dshutdown.zip, I then extracted the "RDShutdown Setup Utility.exe" file and put it in the J:\Lupo PenSuite v6.72 Full\Apps\DShutdown folder, J:\ being the root of my USB Drive and hey presto no more Virus alerts, and the Shutdown program works fine. One thing that is curious that if you download this file from the authors site (http://dimio.altervista.org/eng/), the same file is infected. Go figure?

The author released a minor update keeping the same version. I don't know why, but I decided to update it in the Suite too. I'll replace it with the previous one in the next Suite release, hoping to resolve the issue.

Bitdefender 2010 and virustotal.com found a virus in PicPick.exe, please check this.

Datei PicPick.exe empfangen 2010.04.15 14:47:58 (UTC)
Status: Beendet
Ergebnis: 7/40 (17.5%)
Filter
Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.15 -
AhnLab-V3 5.0.0.2 2010.04.15 -
AntiVir 7.10.6.109 2010.04.15 -
Antiy-AVL 2.0.3.7 2010.04.15 -
Authentium 5.2.0.5 2010.04.15 -
Avast 4.8.1351.0 2010.04.14 -
Avast5 5.0.332.0 2010.04.14 -
AVG 9.0.0.787 2010.04.15 -
BitDefender 7.2 2010.04.15 Generic.Malware.SIMHsprg.09DF1AA4
CAT-QuickHeal 10.00 2010.04.15 -
ClamAV 0.96.0.3-git 2010.04.15 -
Comodo 4606 2010.04.15 -
DrWeb 5.0.2.03300 2010.04.15 -
eSafe 7.0.17.0 2010.04.14 Win32.Malware.SIMHsp
eTrust-Vet 35.2.7427 2010.04.15 -
F-Prot 4.5.1.85 2010.04.15 -
F-Secure 9.0.15370.0 2010.04.15 Generic.Malware.SIMHsprg.09DF1AA4
Fortinet 4.0.14.0 2010.04.15 -
GData 19 2010.04.15 Generic.Malware.SIMHsprg.09DF1AA4
Ikarus T3.1.1.80.0 2010.04.15 -
Jiangmin 13.0.900 2010.04.15 -
Kaspersky 7.0.0.125 2010.04.15 -
McAfee 5.400.0.1158 2010.04.15 -
McAfee-GW-Edition 6.8.5 2010.04.15 -
Microsoft 1.5605 2010.04.15 -
NOD32 5031 2010.04.15 -
Norman 6.04.11 2010.04.15 -
nProtect 2010-04-15.02 2010.04.15 Trojan/W32.Agent.1099776.C
Panda 10.0.2.7 2010.04.15 Suspicious file
PCTools 7.0.3.5 2010.04.15 -
Prevx 3.0 2010.04.15 -
Rising 22.43.03.04 2010.04.15 -
Sophos 4.52.0 2010.04.15 -
Sunbelt 6179 2010.04.15 -
Symantec 20091.2.0.41 2010.04.15 -
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.15.2278 2010.04.15 -
VirusBuster 5.0.27.0 2010.04.15 Trojan.Agent.TGWB
weitere Informationen
File size: 1099776 bytes
MD5...: 1f13422077441e2647e87cac1e1bf6bc
SHA1..: ede74f75b3a9f13c34ba3cfb0eeeb6dd2ae28887
SHA256: 9a758b6067b4d676857eda1a7b4b9052bfde8f9d4f45ef4a59ea72af69c3c009
ssdeep: 24576:5Tg8GWEhvl5qFiZRqFgPQYSvFgKnBPIWQl/IG:QhNggZRW3QlgG
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40fe90
timedatestamp.....: 0x4b64f130 (Sun Jan 31 02:55:44 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x327000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x328000 0xe9000 0xe8c00 8.00 c76bfefe96e8b1190acb9e1ef2e2adcb
.rsrc 0x411000 0x24000 0x23800 4.63 8a93a6ba9710c6c559e9097f15af5924

( 15 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegFlushKey
> comctl32.dll: ImageList_Add
> comdlg32.dll: PrintDlgA
> gdi32.dll: SaveDC
> gdiplus.dll: GdipFree
> ole32.dll: OleDraw
> oleaut32.dll: VariantCopy
> olepro32.dll: OleLoadPicture
> shell32.dll: SHGetMalloc
> user32.dll: GetDC
> version.dll: VerQueryValueA
> winmm.dll: timeGetTime
> winspool.drv: AddFormA
> wsock32.dll: WSACleanup

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda's Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
packers (Kaspersky): UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPX_LZMA[code]


I downloaded the newest version "picpick_inst2.2.7.exe" from the project homepage http://picpick.wiziple.net/?mid=forum and this one seems to be ok (scanned by virustotal.com)

Thanks for the report. The false positive is caused by UPX compression. We will update PicPick soon to the latest release.