Author Topic: (FP) Win32:spyware-gen (TRJ)  (Read 10475 times)

Bob Anderson

  • Guest
(FP) Win32:spyware-gen (TRJ)
« on: July 14, 2008, 05:54:14 PM »
Yesterday July 13 Avast home detected Reg Organizer (a registry cleaner I have been using for years) as a virus. There is no doubt this is a FP. I have sent the detected file to Avast and am awaiting a fix. I cannot run reg organizer until there is a fix. This is my first FP and I have been using Avast for about two years. Reg Organizer is not well known but if anyone here runs it with Avast, please let me know.

-Bob

sanctuaryforever

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #1 on: July 14, 2008, 06:34:16 PM »
I'm sure they will fix it as soon as they get around to investigating it

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89187
  • No support PMs thanks
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #2 on: July 14, 2008, 07:54:27 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Bob Anderson

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #3 on: July 14, 2008, 08:48:09 PM »
Thanks DavidR. I followed your exclusion instructions and Avast no longer detects it. I also scanned it at Virus Total and it was detected by 10 out of 33 AVs.

http://www.virustotal.com/analisis/f9ba649b41de1e835df26942588f0ac3

I don't see how organizer.exe could be malware. I have run it hundreds of times since I first installed the cleaner, Reg Organizer. I have not changed the file in any way.

I use True Image and what I will do is wait for Avast updates, then I will restore an older image dated before July 13. Avast will update automatically and then I'll try to run Reg Organizer. If it runs, problem solved and then I would restore the latest image. If no solution can be found then I will just leave organizer.exe excluded forever.

-Bob

Spiritsongs

  • Guest
"Registry Cleaner(s)"
« Reply #4 on: July 14, 2008, 09:37:42 PM »
:) Hi Bob:

There are many "Microsoft Most Valuable Professionals" who advise AGAINST using a "registry cleaner" on the newer Operating Systems; the ones who help people fight malware problems on the Aumha Support Forums are definitely against using them. You might be interested in WHAT they have to say at http://aumha.net/viewtopic.php?t=28099 !?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89187
  • No support PMs thanks
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #5 on: July 14, 2008, 10:23:59 PM »
> Thanks DavidR. I followed your exclusion instructions and Avast no longer detects it. I also scanned it at Virus Total and it was detected by 10 out of 33 AVs.
>
> http://www.virustotal.com/analisis/f9ba649b41de1e835df26942588f0ac3
>
> I don't see how organizer.exe could be malware. I have run it hundreds of times since I first installed the cleaner, Reg Organizer. I have not changed the file in any way.

You should still send it to avast as outlined in the link also, that is truly the only way to resolve an FP (if this is truly what it is), which will help other avast users if they happen to use reg organiser (contrary to the Microsoft MVPs ;D opinions, which personally I don't hold with, not that I'm an MVP ;D).

> I use True Image and what I will do is wait for Avast updates, then I will restore an older image dated before July 13. Avast will update automatically and then I'll try to run Reg Organizer. If it runs, problem solved and then I would restore the latest image. If no solution can be found then I will just leave organizer.exe excluded forever.

The simplest and safest solution whilst the jury is out (10/32 detections) would have been to stick the reg organiser file in the chest (you should be able to survive without it for a short time), where it can do no harm. Periodically scan the copy in the chest (after VPS updates) and when it is no longer detected, restore it. Much less hassle than having to use True Image.

Bob Anderson

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #6 on: July 15, 2008, 01:14:23 AM »
DavidR:

I have sent organizer.exe directly from the chest to Avast to their virus address yesterday July 13th.

Good point about scanning the copy in the chest. That would be simpler than doing a restore from TI.

-Bob

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89187
  • No support PMs thanks
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #7 on: July 15, 2008, 01:19:44 AM »
No problem, I have Drive Image and even though that is quick, we often forget the easier solution, even though you probably didn't realise you could scan within the chest.

tb39

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #8 on: July 17, 2008, 09:00:31 PM »
> DavidR:
>
> I have sent organizer.exe directly from the chest to Avast to their virus address yesterday July 13th.
>
> Good point about scanning the copy in the chest. That would be simpler than doing a restore from TI.

Hi Guys... this is my first question on the forum. I have this trojan? Win32:spyware-gen (TRJ) when I scanned with Avast, but I am wondering if it is a false positive also. Have you had any reply/news from Avast yet? - I have mine confined in the chest and all the rest of the workings of the PC seem to be OK.

Tig   :-\

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #9 on: July 17, 2008, 09:18:03 PM »
tb39, follow David's advice in reply #2.
The best things in life are free.

tb39

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #10 on: July 17, 2008, 10:51:51 PM »
Thanks Tech - will do.

tb39

Bob Anderson

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #11 on: July 18, 2008, 07:52:07 PM »
tb39:

What file triggered Win32:spyware-gen (TRJ) ? The latest update today 080718-1 does not solve the problem for my file 'organizer.exe', but I have it excluded from scanning.

-Bob

tb39

  • Guest
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #12 on: July 18, 2008, 09:26:12 PM »
Bob...
This problem was on a friend's PC but today I was over there and he had deleted the file from the chest !!! ???
However, I think it was from a temp file in the cookies section on his I.E.
I scanned with Avast and all was clear of 'nasties' - I also scanned with Malwarebytes and SuperAntiSpyware and again all is clear and clean.
Sorry :'( I cannot help with any more information as I have not been able to send the offending file for verification of being an FP (due to my friend's rather hasty action of deleting it !!)
Hope you get yours sorted soon - I will keep an eye on it.

tb39

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89187
  • No support PMs thanks
Re: (FP) Win32:spyware-gen (TRJ)
« Reply #13 on: July 18, 2008, 10:47:29 PM »
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.