Author Topic: Win32:Malware-gen found in scan  (Read 15253 times)


leglagger

  • Guest
Win32:Malware-gen found in scan
« on: January 29, 2010, 02:19:34 PM »
I have an Acer Aspire 7540G with Windows 7.
My Avast 5.0.396 is up to date with virus database.

It has found 2 threats
C:\Program Files(x86)\epson\creativity suite\File Manager\DspReadMe.exe    and C:\Program Files(x86)\epson\creativity suite\Easy Photo Print\DspReadMe.exe
Severity High.  Threat Win32:Malware-gen

When I try to move these to the chest I get "Error: Access is denied (5)"

I cannot run boot-time scan as it says "Boot time scanner only available in 32 bit operating systems".

I restarted in safe mode, and then ran avast and tried to scan the epson folder but got "no more endpoints available from the endpoint manager".

Is this a genuine threat, and why can't I move it to the chest?

Please help!

Thanks




Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Win32:Malware-gen found in scan
« Reply #1 on: January 29, 2010, 02:50:45 PM »
Hello,
A file with this filename arrived to us and is a false positive, which will be fixed. If the problem remains after the next VPS update (100129-1), then send the file to virus@avast.com with "False positive" in the subject.

Thank you,
Milos

leglagger

  • Guest
Re: Win32:Malware-gen found in scan
« Reply #2 on: January 29, 2010, 02:54:21 PM »
When will the next update (VPS update (100129-1)) be?

Also, why can I not move the 2 files to the chest?

Thanks

2of9

  • Guest
Re: Win32:Malware-gen found, no endpoints avail from endpoint mapper
« Reply #3 on: February 25, 2010, 07:02:40 PM »
Brand new XP rebuild. App dumps occurring. Entered Safe Mode, ran Avast 5 -- "Unable to start scan. There are no more endpoints available from the endpoint mapper."

After adding anti-virus program (como) install which crashed after update and 2nd scan. (Some other strange program behavior occurred earlier, like a window staying on top of another just-loaded program.) I tried to open the dump file indicated in C:\Documents and Settings\user\Local Settings\temp\fce2_appcompat.txt but I was unable to print or save the file (definite sign of malware).

So I ran some other tools from well-known antivirus companies and found "ARTEMIS!(followed by random hex numbers)". All scanners ran fine in regular Windows XP mode and never found a virus, including Avast 5.0.

This was after a fresh reinstall with very few programs installed and very few website visits. ARTEMIS must have a loader that's not being detected by any malware scanners, with possible delayed load. I suspect it's getting in either via network drive or one of my program (Office 07, Adobe mainly) installs has a parasite.

Did not find Win32:Malware-gen but HAVE found it on my other PC.
If you have more clues on removing this malware and hidden loaders, please let me know.

::)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Win32:Malware-gen found in scan
« Reply #4 on: February 25, 2010, 07:48:06 PM »
You should have started your own topic and not posted inside this one: http://forum.avast.com/index.php?topic=54389.0


Check your computer for malware with:

Have you tried Malwarebytes Antimalware? http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run a quick scan, then click REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found, come back and post the scan logs here.