Avast WEBforum

Other => Viruses and worms => Topic started by: leglagger on January 29, 2010, 02:19:34 PM

Title: Win32:Malware-gen found in scan
Post by: leglagger on January 29, 2010, 02:19:34 PM
I have an Acer Aspire 7540G with Windows 7.
My Avast 5.0.396 is up to date with virus database.

It has found 2 threats
C:\Program Files(x86)\epson\creativity suite\File Manager\DspReadMe.exe    and C:\Program Files(x86)\epson\creativity suite\Easy Photo Print\DspReadMe.exe
Severity High.  Threat Win32:Malware-gen

When I try to move these to the chest I get "Error: Access is denied (5)"

I cannot run boot-time scan as it says "Boot time scanner only available in 32 bit operating systems".

I restarted in safe mode, and then ran avast and tried to scan the epson folder but got "no more endpoints available from the endpoint manager".

Is this a genuine threat, and why can't I move it to the chest?

Please help!

Thanks



Title: Re: Win32:Malware-gen found in scan
Post by: Milos on January 29, 2010, 02:50:45 PM
Hello,
A file with this filename arrived to us and is a false positive, which will be fixed. If the problem remains after the next VPS update (100129-1), then send the file to virus@avast.com with "False positive" in the subject.

Thank you,
Milos
Title: Re: Win32:Malware-gen found in scan
Post by: leglagger on January 29, 2010, 02:54:21 PM
When will the next update (VPS update (100129-1)) be?

Also - why can I not move the 2 files to the chest?

Thanks
Title: Re: Win32:Malware-gen found, no endpoints avail from endpoint mapper
Post by: 2of9 on February 25, 2010, 07:02:40 PM
Brand new XP rebuild. App dumps occurring. Entered Safe Mode, ran Avast 5 -- "Unable to start scan. There are no more endpoints available from the endpoint mapper."

After adding anti-virus program (como) install which crashed after update and 2nd scan. (Some other strange program behavior occurred earlier, like a window staying on top of another just-loaded program.) I tried to open the dump file indicated in C:\Documents and Settings\user\Local Settings\temp\fce2_appcompat.txt but I was unable to print or save the file (definite sign of malware).

So I ran some other tools from well-known antivirus companies and found "ARTEMIS!(followed by random hex numbers)". All scanners ran fine in regular Windows XP mode and never found a virus, including Avast 5.0.

This was after a fresh reinstall with very few programs installed and very few website visits. ARTEMIS must have a loader that's not being detected by any malware scanners with possible delayed load. I suspect it's getting in either via network drive or one of my program (Office 07, Adobe mainly) installs has a parasite.

Did not find Win32:Malware-gen but HAVE found it on my other PC.
If you have more clues on removing this malware and hidden loaders, please let me know.

::)
Title: Re: Win32:Malware-gen found in scan
Post by: Pondus on February 25, 2010, 07:48:06 PM
You should have started your own topic and not posted inside this http://forum.avast.com/index.php?topic=54389.0


Check your computer for Malware with

Have you tried Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run quick scan, then click on REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here