Topic: A Virus Was Found: file_avmanagerunified.dll\[UPX] - False positive? What to do?


adifrank

  • Guest
Hi. I'm using Avast Version 4.8 Home Edition on a Dell Studio 1555 laptop.
The laptop originally came with Vista pre-installed. Preferring Windows XP, I uninstalled Vista and installed XP PRO. This required that I download and install the proper Windows XP drivers from Dell's website, which I did.
I did all of this about two months ago.

I just ran an Avast virus scan of my whole drive and it suddenly came up with an Avast Warning pop-up - A VIRUS WAS FOUND!

File name: C:\System Volume Information\_restore{FBCC7787-FDC8-4229-A2FC-01B5A5F48D0C}\RP223\A0049748.exe\setup.exe\$QUICKLAUNCH\Dell\DellSupportCenter\installer\Dell Support Center.msi\disk1.cab\file_avmanagerunified.dll\[UPX]

Malware name: Win32:Malware-gen

Malware type:
Virus/Worm

VPS version: 091206-1, 06/12/2009

From what it looks like to me, this file has something to do with something called Dell Quick Launch, which I apparently installed when installing those Dell-Windows XP drivers. Also I might add that since installing those drivers (about two months ago) I've scanned my computer for viruses at least twice.
The driver/software that I believe is associated with this file was downloaded from here:
http://support.dell.com/support/downloads/driverslist.aspx?os=WW1&catid=-1&dateid=-1&impid=-1&osl=EN&typeid=-1&formatid=-1&servicetag=&SystemID=STUDIO1555&hidos=WLH&hidlang=en&TabIndex=


To investigate a bit further, I tried to find the file in the folder where it resides and maybe upload it to Virus Total or something, but I am being denied access to the System Volume Information folder. I've googled this issue and read several instructions on how to access this folder, but nothing helps. The instructions say:
1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Clear the Use simple file sharing (Recommended) check box.
6. Click OK.
7. Right-click the System Volume Information folder in the root folder, and then click Properties.
8. Click the Security tab.
9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.
10. Double-click the System Volume Information folder in the root folder to open it.

But when I right click the System Volume Information folder and select Properties - I have no Security tab! I only have tabs titled: GENERAL / SHARING / CUSTOMIZE

I am logged on as administrator.

Another strange thing is that when hovering over the folder - I get a balloon saying the folder is empty.

Not sure what to do...

For the time being, I haven't selected to do any of the options Avast is offering (Move/Rename / Delete / Move to chest). I don't want to harm my system if it turns out this is a false positive and in fact an important file.

So I'm leaving the Avast Warning pending and hopefully someone here can help.

Thanks!  :P
« Last Edit: December 07, 2009, 09:15:39 AM by adifrank »

simono

  • Guest
Hi - I have had the same problem this morning.  I have a Dell Studio 15 laptop.  Avast warned that it had found a virus.  However, I just went ahead and clicked on "Move to Chest" and it didn't work!  Apparently the file was:

c:\program files (x86)\common files\supportsoft\bin\avmanagerunified.dll\[UPX]

... which is a very strange-looking file name.  I'm guessing that the [UPX] on the end is some kind of code-unpacker?  Anyway, when I click "Move to Chest" Avast put up a message saying "The system cannot find the file specified".  Not impressed by that.  I had a look in Windows Explorer and there is a file avmanagerunified.dll in the relevant bin folder, but no folder called 'avmanagerunified.dll' and no sign of any [UPX] file anywhere.

I was able to upload the file in question (i.e. avmanagerunified.dll) to www.virustotal.com which offered me a previous stored scan of the same file.  Only 1 out of 39 virus checkers had any problem with the file and it called it a 'suspicious file'.  The version of Avast used in Virus Total was one of the 39 that had no problems with it.

So - what to do?  It looks very likely to be a false positive.  But I don't want to mess around with this.  For now, I have temporarily manually renamed the file itself (couldn't use Avast for that either).  And my laptop is currently hibernating (with the Avast message still up) while I try to decide what to do.  Anyone at Avast out there who can come in on this?

Simon

simono

  • Guest
P.S. I'm running Windows 7

spg SCOTT

  • Guest
Looks to be a false positive. Please follow the instructions in this thread.

http://forum.avast.com/index.php?topic=51938

-Scott-

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Edit intentional deletion.
« Last Edit: December 07, 2009, 04:52:07 PM by DavidR »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Hello,
thank you for the notice, fixed in VPS 091207-0.

Milos