Author Topic: while scanning with ad aware, avast gives warning that I have malware virus  (Read 2419 times)

Offline newbie2009

  • Newbie
  • Posts: 14
While running Ad Aware, avast gives a warning that I have a malware virus in system32. The warning states "Win32-Malware-gen" has been found in the "C:\windows\system323\x.264.exe" file.
avast cannot do anything, as the file is said to be used by another process, which I presume is
ad aware. If I turn avast off and run adaware, everything is fine and the above virus is not found.
Also, if I just scan with avast, everything again is ok.
Can anyone tell me what is going on?

Offline Tech

  • avast! team
  • Certainly Bot
  • Posts: 64881
  • Gender: Male
Can you submit the file to www.virustotal.com and check?
I'd rather be more confident in avast's detection than in ad-aware's misdetection.
The best things in life are free.

Offline newbie2009

  • Newbie
  • Posts: 14
Here are the results of the VirusTotal scan:
 File x.264.exe received on 2009.10.11 20:05:13 (UTC)
Current status: finished
Result: 5/41 (12.20%)
Antivirus    Version    Last Update    Result
a-squared    4.5.0.41    2009.10.11    -
AhnLab-V3    5.0.0.2    2009.10.10    -
AntiVir    7.9.1.35    2009.10.09    -
Antiy-AVL    2.0.3.7    2009.10.10    -
Authentium    5.1.2.4    2009.10.11    -
Avast    4.8.1351.0    2009.10.11    Win32:Malware-gen
AVG    8.5.0.420    2009.10.04    -
BitDefender    7.2    2009.10.11    -
CAT-QuickHeal    10.00    2009.10.10    Trojan.Agent.ATV
ClamAV    0.94.1    2009.10.10    -
Comodo    2574    2009.10.11    -
DrWeb    5.0.0.12182    2009.10.11    -
eSafe    7.0.17.0    2009.10.08    Suspicious File
eTrust-Vet    35.1.7060    2009.10.09    -
F-Prot    4.5.1.85    2009.10.11    -
F-Secure    8.0.14470.0    2009.10.11    -
Fortinet    3.120.0.0    2009.10.11    -
GData    19    2009.10.11    Win32:Malware-gen
Ikarus    T3.1.1.72.0    2009.10.11    -
Jiangmin    11.0.800    2009.10.08    -
K7AntiVirus    7.10.867    2009.10.10    -
Kaspersky    7.0.0.125    2009.10.11    -
McAfee    5768    2009.10.11    -
McAfee+Artemis    5768    2009.10.11    -
McAfee-GW-Edition    6.8.5    2009.10.11    -
Microsoft    1.5101    2009.10.11    -
NOD32    4498    2009.10.11    -
Norman    6.01.09    2009.10.11    -
nProtect    2009.1.8.0    2009.10.11    Trojan/W32.Agent.240128.O
Panda    10.0.2.2    2009.10.11    -
PCTools    4.4.2.0    2009.10.11    -
Prevx    3.0    2009.10.11    -
Rising    21.50.60.00    2009.10.11    -
Sophos    4.45.0    2009.10.11    -
Sunbelt    3.2.1858.2    2009.10.11    -
Symantec    1.4.4.12    2009.10.11    -
TheHacker    6.5.0.2.037    2009.10.11    -
TrendMicro    8.950.0.1094    2009.10.11    -
VBA32    3.12.10.11    2009.10.10    -
ViRobot    2009.10.9.1978    2009.10.09    -
VirusBuster    4.6.5.0    2009.10.11    -
Additional information
File size: 240128 bytes
MD5   : 5fdd7d827c1cc58567367d03d24548ce
SHA1  : 9937882f96f025991634b2833c5f4bcaef70beb2
SHA256: fb38f3faf93a90cfe0b9f0c0d9317eac12c2ccedc37e3058175b6e67598e2b91
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xFD0F0
timedatestamp.....: 0x422343D4 (Mon Feb 28 17:16:20 2005)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xC2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xC3000 0x3B000 0x3A400 7.89 e48e6951c44a76c049967dc96482543b
UPX2 0xFE000 0x1000 0x200 1.41 1f7725eb8b599d9111fe0eb839e1a6d3

( 2 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> ws2_32.dll: -

( 0 exports )
TrID  : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=5fdd7d827c1cc58567367d03d24548ce
ssdeep: 6144:MsJLK5WOrC8bIg3h9N1gAxayMDYvWf5jAe2GFWANt:vJ25WOr7bIg3hhtx0mwjAe2GFW
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=7FC4D2A90019C2A5AA78034BE3D80600A72C547D
PEiD  : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): UPX
packers (F-Prot): UPX
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=5fdd7d827c1cc58567367d03d24548ce
RDS   : NSRL Reference Data Set
-

What does the above mean?
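As an added example (not code from the thread or from VirusTotal), a small Python triage helper that parses the kind of report posted above: it separates detections from clean engines, checks whether every detection name is a generic or heuristic verdict, and looks for the packer indicators visible in the PE info (UPX section names, a near-random section entropy, and an import table reduced to LoadLibraryA/GetProcAddress/ExitProcess). The embedded report excerpt is constructed from the post, and the name patterns and entropy threshold are this example's own assumptions.

```python
import re
# Constructed excerpt of the VirusTotal report posted above; thresholds are this example's own.
REPORT = """\
Avast    4.8.1351.0    2009.10.11    Win32:Malware-gen
CAT-QuickHeal    10.00    2009.10.10    Trojan.Agent.ATV
eSafe    7.0.17.0    2009.10.08    Suspicious File
Kaspersky    7.0.0.125    2009.10.11    -
nProtect    2009.1.8.0    2009.10.11    Trojan/W32.Agent.240128.O
UPX0 0x1000 0xC2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xC3000 0x3B000 0x3A400 7.89 e48e6951c44a76c049967dc96482543b
> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> ws2_32.dll: -
"""
# Engine row: name, version, signature date, result (columns separated by 2+ spaces).
ENGINE_RE = re.compile(r"^(\S+)\s{2,}(\S+)\s{2,}(\d{4}\.\d{2}\.\d{2})\s{2,}(.+?)\s*$")
# PE section row: name, vaddr, vsize, rawsize, entropy, md5 (single spaces).
SECTION_RE = re.compile(r"^(\S+) 0x[0-9A-Fa-f]+ 0x[0-9A-Fa-f]+ 0x[0-9A-Fa-f]+ (\d+\.\d+) [0-9a-f]{32}$")
IMPORT_RE = re.compile(r"^> (\S+): (.*)$")
# Names that signal a heuristic or catch-all verdict rather than a known family.
GENERIC_RE = re.compile(r"-gen$|suspicious|generic|heur|agent", re.I)
# The only imports a UPX stub needs; the real ones are resolved after unpacking in memory.
STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "ExitProcess"}

def parse_report(text):
    """Split the report into detections, clean engines, (section, entropy) pairs and imports."""
    hits, clean, sections, imports = {}, [], [], {}
    for line in text.splitlines():
        if m := ENGINE_RE.match(line):
            if m.group(4) == "-":
                clean.append(m.group(1))
            else:
                hits[m.group(1)] = m.group(4)
        elif m := SECTION_RE.match(line):
            sections.append((m.group(1), float(m.group(2))))
        elif m := IMPORT_RE.match(line):
            imports[m.group(1).lower()] = [] if m.group(2) == "-" else m.group(2).split(", ")
    return hits, clean, sections, imports

def triage(text):
    # Summarise why a low-ratio, generic-name hit on a packed file deserves a second look.
    hits, clean, sections, imports = parse_report(text)
    hints = []
    if any(name.upper().startswith("UPX") for name, _ in sections):
        hints.append("UPX section names")
    if any(entropy >= 7.0 for _, entropy in sections):
        hints.append("near-random section (entropy >= 7.0)")
    imported = {f for funcs in imports.values() for f in funcs}
    if imported and imported <= STUB_IMPORTS:
        hints.append("stub-only import table")
    return {"ratio": f"{len(hits)}/{len(hits) + len(clean)}",
            "all_generic": all(GENERIC_RE.search(r) for r in hits.values()),
            "packer_hints": hints}
```

A result with a low ratio, only generic names and all three packer hints is exactly the profile the later replies describe, which is why the sensible next step is submitting the sample to the vendor as a suspected false positive rather than deleting it.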

Offline YoKenny

  • Serious Graphoman
  • Posts: 8800
  • Gender: Male
I have not used Ad-Aware for ages as it has not kept up with the times.

Get Malwarebytes Anti-Malware (MBAM) then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php

Post its log here after it completes.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Photon

  • Newbie
  • Posts: 6
I have the same issue. Sign of "Win32:Malware-gen" has been found in "F:\WINDOWS\system32\x.264.exe" file. I've scanned with AdAware, Spybot, ThreatFire, SUPERAntiSpyware and Malwarebytes. All say the file is clean.

I Googled the file name and have seen all kinds of answers, from it being malware to it being something that Super® puts in. Super® is a video/audio conversion program by eRight Software (erightsoft.com/SUPER.html). I tried submitting to VirusTotal, but when I try to upload, the page refreshes and then says 0 bytes uploaded. I installed their VirusTotal Uploader, and when I tried it that way I got the message "Error! Access to the specified file was denied!"

The attached screenshot is from when I pull up the properties of the file.

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • Posts: 20153
  • Gender: Male
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Avastfan1

  • Advanced Poster
  • Posts: 968
  • Gender: Male
I too have this result.

This is not the first time Avast has flagged it as infected. The search function on the forum cannot locate it but there is another thread on this from a few months back.

Avast acknowledged it was a false positive. The detection had something to do with the triple-layer-encryption or file packer or something like that.

Ask Polonus, DavidR, SPG Scott, Tech or one of the other helpful Avast Forum experts. They will be able to assist further.

The level of expertise required for a concise, yet thorough, explanation for this issue is unfortunately above my level.

Hopefully it will be fixed in the next VPS.

Would be helpful if there was perhaps an official comment from the Alwil staff too.

Best wishes,

Avastfan1
Window 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline Avastfan1

  • Advanced Poster
  • Posts: 968
  • Gender: Male
Update:

I found the original thread: http://forum.avast.com/index.php?topic=37051.msg358846#msg358846

The suspect file that time was MOTA113.exe; however, I think x.264.exe is also related to S.U.P.E.R.

Otherwise I would be a little worried...
Window 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline Photon

  • Newbie
  • Posts: 6
Thanks for the replies. Looks like the last AVS update took care of the problem. Avast scans it now without flagging it.

Offline sconaway

  • Newbie
  • Posts: 1
Upon start-up, my Avast considers Ad Aware Professional a Trojan virus. I had to go to the Avast Chest to retrieve the executable file and restore my Ad Aware. Please advise how I may prevent this from happening in the future. I'd like to keep both programs running at the same time if possible.

Original File Name- Adware Professional.exe
Original Folder- C:\Program Files\ Adware Professional
Size of File-  2064032
Last Modification Time- 8/23/2009 6:07:00 AM
Time of Transfer to Chest- 10/21/09 7:04:11 AM
Category- Infected Files
Virus Description- Win32:FakeAV-SX [Trj]
File ID- 23
