Nvidia DLL's Win32:Trogan_Gen

[MacDR50]

Upgraded to Avast 5.0 full version and today it reported the following files infected:

NVgames.dll
NVMobls.dll
NVWss.dll
sysreqlab_nvd.dll

I checked the first three at VirusTotal and Avast 4.8 and 5.0 as well as Gdata 2.0 confirmed detection.  All the rest of the virus checkers reported nothing.  I uninstalled everything to do with nvidia and cleaned every file I could locate associated with Nvidia.  I then downloaded the latest Nvidia drivers etc. for my card and after installing ran a check on all the associated directories and files.  All clean I hope.

All 4 files are in my Virus Vault if the Avast team wishes to inspect.

[DavidR]

For the first 3 you sent to VT, I can't comment on the 4th if you didn't check it:
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

[Lisandro]

I've got the same false positive.

[mchain]

Copy of post to NVidia Forums under Operating Systems.

Topic Title:  nvwss, nvmobls, nvgames (dll) files

mchain
Rating: 0
View Member Profile
   
post Yesterday, 10:13 PM
Post #1



*

Group: Members
Posts: 1
Joined: Yesterday, 09:31 PM
Member No.: 284,422
Club SLI Member: No



   
Running Win XP Home SP3, Avast Home Edition Free, NVidia GE Force 6200.

Running latest driver file provided by MS, which is WHQL'd by them.

Above files in 'topic title' were detected as Win32_gen.Trojan_gen on 8/14/2010 by Avast.

I was surfing at SI.com golfing site at the time and tried to open the live feed for the PGA tounament in Firefox. When that did not run, I clicked a link for system properties and saw only Vista, Win 7, and IE were supported. So I said, what the heck, let's open IE and try again, and see if this will run again under IE. Would not run under IE either.

I noticed the desktop had shifted to the left after I ran IE, opened NVidia Control Panel, and immediately Avast kicked in.

Avast intercepted the above files as they were executing and killed them dead. They are now quarantined. They do not exist on my system. I have looked everywhere.

I was able to reset the desktop and the Control Panel seems to be functioning normally.

Not sure when the desktop shifted, at system properties check or when running IE. I saw the shift only after Avast did its thing.

My question is, are the above files a part of the whql'd driver file?

Thanks.

BTW, let me know if this is not the best place to post this issue.

This post has been edited by mchain: Yesterday, 10:16 PM
 

Same thing here.  FP?