Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on February 16, 2018, 05:59:52 PM

Title: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: REDACTED on February 16, 2018, 05:59:52 PM
Avast antivirus detects that the file C:\Windows\ExternalAP\Drivers\CardReader\IOI\Setup.exe|>{app}\cardinst.exe
is infected by Win32:Dh-A [Heur]

In the drop-down I cannot choose Chest or Delete, I can only leave Automatic.

I press the Solve button and it tells me it is done, but if I scan again the problem reappears.

How can I solve it?

Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: REDACTED on February 16, 2018, 11:22:48 PM
The card reader comes with a small read-only memory space already in it that has its drivers available for install.
So either what you got is indeed infected, and there is absolutely nothing you can do about it since it came like that from the manufacturer, or it's a false positive. To see if it's a false positive, just copy the file to your desktop and upload it to one of the online antivirus test sites and check it there.
But since it's a card reader and those have been fully supported since XP, I don't see any reason why there would be a need for its drivers, so my guess is it's a piege a cons. So destroy it and get a legit one.

Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: REDACTED on February 19, 2018, 05:31:49 PM
Thanks for the reply.

I have looked at the file (Avast Antivirus calls it "cardinst.exe", but in this folder there is no file with this name, there is "setup.exe") and the modification date is from 2010. All this time Avast Antivirus did not detect a problem; last week it did. But only Avast Antivirus, the other antivirus programs did not.

I have downloaded another antivirus (Kaspersky Free) and an antimalware (Zemana AntiMalware). I scanned this file specifically and I've also scanned the whole PC, and they did not detect any virus.

So, it's a false positive?

Is it better to replace the file with a new one, anyway? Where can I get the file that is reliable and has no problems?

Thanks in advance and apologies for my lousy English.

Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: Asyn on February 20, 2018, 05:21:18 AM
Test the file at VT (https://www.virustotal.com) and post the link to the result here.

Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: REDACTED on February 20, 2018, 07:25:59 PM
Today when I scan with Avast Antivirus it does not detect a virus. Anyway, to make sure, I've done what you told me, and in the result, the first time 2 engines (Ikarus and TrendMicro-HouseCall) detected problems. I hit the Reanalyze button and then only 1 engine (Ikarus) detected a problem.

The link to result:
https://www.virustotal.com/#/file/2cc294d8aa5a2d7c5c2dcf1c2f7b64558fe5f523f5e99131616d69242f064ae9/detection

In the same folder (...CardReader\IOI\), there is another file, "AsusSetup.exe", and I uploaded it too. The result is:
https://www.virustotal.com/#/file/982a41b4dcc4953a123dda20f139f304a8edbc8c2a7008f19a2933b7477d8a9e/detection

Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: Pondus on February 20, 2018, 07:45:03 PM
Quote
History
Creation Time   1992-06-19 22:22:17
First Seen In The Wild   2012-10-28 08:53:58
First Submission   2014-04-23 00:59:40
Last Submission   2018-02-20 18:17:04
Last Analysis   2018-02-20 18:17:04


File Version Information
Copyright
Product   Smart Card Reader Driver and Card Icon Program
Description   Smart Card Reader Driver and Card Icon Program Setup
File Version   1.0.7.73
Comments   This installation was built with Inno Setup.


Quote
History
Creation Time   2007-05-29 12:02:30
First Seen In The Wild   2007-05-29 14:02:30
First Submission   2013-01-04 09:13:31
Last Submission   2018-02-20 18:34:11
Last Analysis   2018-02-20 18:34:11


File Version Information
Copyright   Copyright (C) 2006 ASUS
Product   AsusSetup
Description   AsusSetup
File Version   1.0.19.7


False Positives


Title: Re: cardinst.exe infected by Win32:Dh-A [Heur]
Post by: REDACTED on February 21, 2018, 06:44:21 PM
Oh great! Thanks for the help :D