Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: N0rT013 on July 26, 2014, 06:36:37 PM

Title: win32:malware-gen detected
Post by: N0rT013 on July 26, 2014, 06:36:37 PM
Win 7 Dell machine. Ran Avast scan this am and came up with above infection. Ran boot scan and Malwarebytes scan and both were clean. Avast put it in the virus chest.  Do I need to do anything else and is machine clean now?  Thanks.
Title: Re: win32:malware-gen detected
Post by: Pondus on July 26, 2014, 06:42:05 PM
Someone just reported a possible FP with that detection name.... see viruses and worms forum section


What file was detected ..... and location, full file path
Title: Re: win32:malware-gen detected
Post by: Eddy on July 26, 2014, 06:58:46 PM
What vps version do you have?
Title: Re: win32:malware-gen detected
Post by: N0rT013 on July 26, 2014, 08:58:55 PM
VPS version - not sure what vps is but my program version is 2014.9.0.2021 and virus defs are 140726-1. This is what is described in virus chest: C:\dell\FIST\CSRSS_cancel.exe - also says that it last changed 1/26/2007?? Don't guess I understand this stuff. Anyway don't know if that is the info you are asking for Pondus but it's all I have come up with. Is there somewhere else to look for that info? Also, will check out virus and worm section. possible FP. Thanks very much.
Title: Re: win32:malware-gen detected
Post by: Pondus on July 26, 2014, 09:08:19 PM
Quote
C:\dell\FIST\CSRSS_cancel.exe
Seems to be a Dell file .... but no info found online. I will check with someone


Vipre antivirus has detected the same file (posted Jul 4, 2014):
http://community.spiceworks.com/topic/533045-csrss_cancel-exe-quarntined-by-vipre-anti-virus



Title: Re: win32:malware-gen detected
Post by: Pondus on July 26, 2014, 09:09:44 PM
You can report it to the avast lab as a possible false positive using one of these options.
You may add a link to this topic in case they reply here.

You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)

You can use mail:
send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21

Title: Re: win32:malware-gen detected
Post by: Eddy on July 26, 2014, 09:21:25 PM
There is a problem with the vps when it comes to mal:gen
It is already partially fixed in 20140726-1
For me it detected the main .exe of MS Flight Sim 2004 as malware.

Only thing we can do at this moment is reporting them and hope that avast will fix it soon.
Title: Re: win32:malware-gen detected
Post by: N0rT013 on July 26, 2014, 09:27:52 PM
Well unfortunately I have no idea what the program name or publisher is. I cannot tell from that line in the virus chest what that info would be. I will go with Eddy and wait for Avast to fix. Unless someone can tell me where to find the program, publisher etc. to report it out of virus chest. thanks.
Title: Re: win32:malware-gen detected
Post by: Eddy on July 26, 2014, 09:30:33 PM
A new vps version has just been released 20140726-2
Could be it is solved now.
Title: Re: win32:malware-gen detected
Post by: Pondus on July 26, 2014, 09:37:46 PM
Quote
A new vps version has just been released 20140726-2
Could be it is solved now.
OK ....

@N0rT013 right click the file in chest and scan it ..... still detected?
Quote
Unless someone can tell me where to find the program, publisher etc. to report it out of virus chest. thanks.
see link in post above .... how to use chest

Essexboy agrees, says this is a false positive



Title: Re: win32:malware-gen detected
Post by: N0rT013 on July 26, 2014, 11:34:56 PM
Did the scan in the chest - comes up with a window with that malware name in it. Does that mean it's still in the works? And it's not an FP?  Also, I know how to use the chest - I just don't know how to determine the name of the publisher-program etc. unless I'm missing something and that's very possible. Pls enlighten me. Thanks.
Title: Re: win32:malware-gen detected
Post by: Pondus on July 27, 2014, 01:47:58 AM
Quote
Did the scan in the chest - comes up with a window with that malware name in it. Does that mean it's still in the works?
Not fixed yet ......


Quote
I just don't know how to determine the name of the publisher-program etc. unless I'm missing something and that's very possible. Pls enlighten me. Thanks.
You mean info about the file in chest?
There is no info like that in chest
Title: Re: win32:malware-gen detected
Post by: N0rT013 on July 27, 2014, 01:26:25 PM
Quote
You mean info about the file in chest?
There is no info like that in chest


So can u tell me where I go to find that info? program, publisher, etc. Thanks.
Title: Re: win32:malware-gen detected
Post by: Pondus on July 27, 2014, 04:06:44 PM
Quote
So can u tell me where I go to find that info? program, publisher, etc. Thanks.
If you upload file(s) to www.virustotal.com it will give some extra file info .... click the file detail / additional info tabs at top

Title: Re: win32:malware-gen detected
Post by: bob3160 on July 27, 2014, 04:30:15 PM
I personally think this procedure should and could be made a lot simpler and easier for those
taking the time trying to make a submission.  :o
Title: Re: win32:malware-gen detected
Post by: N0rT013 on July 28, 2014, 12:19:34 AM
Well Bob3160 - I am a 75 y.o happy female who does pretty good if given a few clues. I posted all info to my Malwarebytes program regarding possible F.P. -- that the malware is in the virus chest and that it isn't a critical file. If FP, they said ok to move on. I see no anomalies on system so am assuming it is FP. Agree with you about making process a little simpler. Thanks for input.