I have a client running xp home media center sp3. During a scan today avira free popped up saying there is a trojan called s the tr/Ransom.Hexzone.agn 1 trojan. which she quarantined

The file 'C:\Program Files\Common Files\SupportSoft\bin\ssmail.dll'
contained a virus or unwanted program 'TR/Ransom.Hexzone.agn.1' [trojan]
Action(s) taken:
The file was moved to '4a1d3452.qua'! (quarantine)



I tried sending it you but i am getting an error saying
Server Object Failed
Received error msg from the smtp server
525.5.7.13 account disabled

HUH?
this is the free version of Avira- why won't it send?
and, is this a false positive?
I posted it on the Avira forum but have not received an answer yet
I was wondering if anyone else saw it here
robin

Hi there.Try uploading the file here:
http://www.virustotal.com/

-{ Quote: "Hi there.Try uploading the file here:
http://www.virustotal.com/" }-

I did and a few more
only 4 avg programs out of 10 see it the same thing.
I put it back and superantispyware nor mambam sees it as a threat after doing a full scan but avira does, karpersky, avast and avg do not see it as a threat.
Guess i will leave it in quarantine for about a month. If nothing goes nuts i will delete it.
I am going to try to send it to them on their support page

robin

-{ Quote: "I did and a few more
only 4 avg programs out of 10 see it the same thing.
I put it back and superantispyware nor mambam sees it as a threat after doing a full scan but avira does, karpersky, avast and avg do not see it as a threat.
Guess i will leave it in quarantine for about a month. If nothing goes nuts i will delete it.
I am going to try to send it to them on their support page

robin" }-

http://analysis.avira.com/samples/

Should be able to send in any files for checking for FP via that webform.

-{ Quote: "http://analysis.avira.com/samples/

Should be able to send in any files for checking for FP via that webform." }-
I just found that after i typed this
I emailed them the file- it said it was not a false positive but I thought that was strange since none of the big antivirus programs found it and superantispyware pro nor mambam found it either. You would think after i put it back one or all of these good programs would have popped up and found it.

So I tried to do it as a false positive but it just hung there for 20minutes processing, so i saw where i could email it and i zipped it up and did just that
robin

Even if no AV recognizes a certain file as a threat does not mean its clean, theres too much baddies out there n they r multiplying like rabbits

If you want, robinb, you can send me the file and I will submit it to all the big antimalware vendors.

Please PM me for my emailadress.

-{ Quote: "If you want, robinb, you can send me the file and I will submit it to all the big antimalware vendors.

Please PM me for my emailadress." }-

thanks tesk but i have that availability too and i just talked to nick at superantispyware and he is going to evaluate it for me.

robin

-{ Quote: "thanks tesk but i have that availability too and i just talked to nick at superantispyware and he is going to evaluate it for me.

robin" }-

Okay, that is fair :)

he says it is a false positive, so i posted this to the avira forum and waiting to see if they will fix it with an updated definition, otherwise i will tell avira to ignore it

robin