Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: MRTMN on July 18, 2020, 01:21:04 AM

Title: IDP.ARES.Generic - How to find out if false positive?
Post by: MRTMN on July 18, 2020, 01:21:04 AM
Hi,

I've had two instances of the same file (Reg-MSI_Inventory.exe) trigger a warning for IDP.ARES.Generic in the last 45 minutes or so (both in different locations within c:\windows\temp).

I've quarantined the files in the virus chest and used the interface from within Avast to submit them for analysis.

How will I know if they're false positives?

Thanks!
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Kogoro on July 18, 2020, 02:14:21 AM
Hello,

Same problem happens to me. It started after last night... and last night, it installed a Windows update (automatic update). I don't think that was a coincidence because messages from other users started popping up in the forum with the same problem, but I am also waiting to have more information about this.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Ntamo Tupinamba on July 18, 2020, 03:17:52 AM
Hello, same thing here.

Right after the latest Windows update, Avast has found IDP.ARES.Generic as a threat.
I was reading on the web, and other antivirus products have done the same.

Right now I have the file in the virus chest, but it looks like every time the computer turns on, the antivirus catches the file in a different location.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Marc385 on July 18, 2020, 04:27:22 AM
I've also started seeing this appear on my computer today. It showed up three times already. I did a search online which led me to this forum. I feel like it's a false positive but I'm hoping that Avast will respond to clear this up.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Allie5 on July 18, 2020, 08:53:27 AM
I too have had this happen twice now, and it was after a Windows update! I have been tempted to create an exception, but obviously I could be allowing a virus onto my computer. Hope Avast can tell us soon what we should do.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Asyn on July 18, 2020, 09:31:22 AM
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: chris.. on July 18, 2020, 09:46:33 AM
Avast has already been informed through AVG support (https://support.avg.com/answers?id=9060N000000gawoQAA); they must certainly already be in the process of analysing this file (FP?), which is already worrying a large number of users (Avast + AVG).
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: s.e.sikma on July 18, 2020, 11:41:49 AM
After Avast reported this same error, I went into the folders using an (administrative) command prompt and checked what else existed in the folder.

At the lowest level (C:\Windows\Temp\inv7FD4_tmp\RegMSI) I only found the Reg-MSI_Inventory.exe.
One level up there was a file named icredir.txt, which had a reported size of 0.

After letting Avast put the file in the virus vault, the file contained:

Quote
(GetInventory>> CUSBUpdateMananger::GetInventory): PID = VEN_SYN&DEV_0609
<?xml version="1.0"  encoding="UTF-8"?>
<SVMInventory lang="en">
</SVMInventory>
Failed<?xml version="1.0" encoding="UTF-8"?>
<InventoryError lang="en"><SPStatus result="true" module="icsvc"><Message>Completed successfully</Message></SPStatus></InventoryError>

The VEN_SYN&DEV_0609 suggests it is affiliated with Dell Touchpad software
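
A way to script the folder inspection from this post together with the earlier "test the file at VT" advice, as an added example that is not part of the original thread: it finds every copy of the flagged file under C:\Windows\Temp and reports its SHA-256 and Authenticode signer. The search root and file name come from the posts above; running it from an elevated prompt against a copy that has not been quarantined is an assumption.

```powershell
# Added example (not from the thread): triage copies of a file flagged by IDP.
# Assumption: run elevated, since C:\Windows\Temp is not readable by standard users.
param(
    [string]$Root = 'C:\Windows\Temp',          # location reported in the thread
    [string]$Name = 'Reg-MSI_Inventory.exe'     # file name reported in the thread
)

$found = Get-ChildItem -Path $Root -Filter $Name -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256

        # Other files dropped next to it and one level up (the post found icredir.txt there)
        $nearby = Get-ChildItem -Path $_.Directory.FullName, $_.Directory.Parent.FullName -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne $Name } |
            ForEach-Object { '{0} ({1} bytes)' -f $_.Name, $_.Length }

        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = $hash.Hash
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            Nearby    = $nearby -join '; '
        }
    }

if (-not $found) {
    Write-Output "No copy of $Name found under $Root (it may already be quarantined)."
    return
}

# Per-copy details
$found | Format-List

# Identical hashes across folders mean the same binary is re-dropped on every run
$found | Group-Object SHA256 |
    Select-Object @{ n = 'SHA256'; e = { $_.Name } }, @{ n = 'Copies'; e = { $_.Count } } |
    Format-Table -AutoSize
```

Searching VirusTotal for the SHA256 value shows existing results without uploading the file. A `Valid` signature status with the expected vendor as signer supports a false positive but does not prove one.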
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: TranscomTim on July 18, 2020, 01:30:33 PM
I am also having the same problem.  The Avast pop-up says the threat has been secured and moved to the Virus Chest, but when I open the Virus Chest there's nothing in it.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: DellG5guy on July 18, 2020, 02:12:36 PM
Same thing happened to me, 3 times already today. I have all 3 moved to the virus chest.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: MRTMN on July 18, 2020, 03:38:09 PM
I have found a way to trigger this alert:

1) Restart machine
2) Open Dell Update 3.1.2
3) Run a "check"

Running Dell Update again without restarting will not trigger the alert. On reboot, the first run of Dell Update will trigger it again.

Several notes:

1) Most (all?) of us are using Dell machines
2) Only one of my now multiple quarantined events actually contains the file in question (Reg-MSI_Inventory.exe)
3) Virustotal detects nothing when submitting this file
4) Is there a way to "rescan" the vault after an update?
5) How will avast notify us if this is a false positive?
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Pondus on July 18, 2020, 04:01:16 PM
Quote
4) Is there a way to "rescan" the vault after an update?
There used to be a "rescan file in chest" option, don't know if it is still there (think it was a right click option)
Using the Virus Chest in Avast Antivirus  >>  https://support.avast.com/en-us/article/Use-Antivirus-Virus-Chest/


Quote
5) How will avast notify us if this is a false positive?
Did you report it as possible false positive?  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
I think those who report it will get a reply/mail
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: DavidR on July 18, 2020, 04:06:24 PM
@  MRTMN

4)  There used to be, but that has dropped from the list some time ago, why I don't know.
I guess sending it back (Restore) to its original or Extract to a location would trigger a rescan.

5)  You could also send it to Avast for Analysis from the Virus Chest.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: MRTMN on July 18, 2020, 04:32:06 PM
Quote
@  MRTMN

4)  There used to be, but that has dropped from the list some time ago, why I don't know.
I guess sending it back (Restore) to its original or Extract to a location would trigger a rescan.

5)  You could also send it to Avast for Analysis from the Virus Chest.

Ugh, the lack of rescan within the vault is frustrating.

I did submit it, but from within the vault itself. (Not via the web form)
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Ferrara on July 18, 2020, 06:22:43 PM
I started another thread on this problem but I want to move the discussion over here so I will copy paste what I wrote there:

This morning I started my Windows 10 PC and all was normal. Then an authorized Dell Service technician paid a visit to replace the power button LED light which he successfully installed. After that, every time I start or restart my PC I get the same warning, even after removing it to virus chest. So I got on the phone with a Dell support tech for forty minutes and we deleted all the temp files and did a SupportAssist scan, basically cleaning everything up. This was AFTER I did a boot scan with Avast after seeing the first popup. So the Dell tech said it is safe to create an exception for this virus after researching it, and we did that. The boot drive revealed zero threats and yet I got the same popup. I get the same popup after creating the exception. What is going on here?? The Dell rep concluded it is a bug in Avast and was safe to make an exception.

Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Ferrara on July 18, 2020, 06:28:43 PM
For the record I am running Windows 10 on a Dell desktop XPS 8930, Avast Free Antivirus. Some have suggested this is a bug in a Windows update. Windows did a major update on 7/15 and the problem did not show up until midday 7/17. Looking at control panel list of programs showed that Windows Edge was installed on 7/17, same day of the Avast threat's appearance. I don't use Edge I use Firefox. Anyway, a medical condition prevents me from participating fully in this discussion because I cannot stand or sit for extended periods without severe pain, so I can't really be at the computer. I appreciate the help that all are offering in assisting in getting this thing fixed.
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: DavidR on July 18, 2020, 06:57:58 PM
Quote
@  MRTMN
4)  There used to be, but that has dropped from the list some time ago, why I don't know.
I guess sending it back (Restore) to its original or Extract to a location would trigger a rescan.

5)  You could also send it to Avast for Analysis from the Virus Chest.

Ugh, the lack of rescan within the vault is frustrating.

I did submit it, but from within the vault itself. (Not via the web form)

Yes it would make life easier and I have no idea why it was withdrawn.
Though the two alternatives should effectively scan it.  Did you try that ?

Submission from the Virus Chest should effectively be the same as it is going to go to the virus labs.
How long ago did you do this as there would probably be a reduced staffing at weekends  ?
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: chris.. on July 18, 2020, 07:26:03 PM
Quote
Did you report it as possible false positive?  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
I think those who report it will get a reply/mail
Not sure at all  :-\
The 2 times I reported a false positive (using the form with email address), the problem was (quickly) solved by a VPS update, but there was no reply from Avast to my email address. :-*
Title: Re: IDP.ARES.Generic - How to find out if false positive?
Post by: Asyn on July 19, 2020, 06:17:22 AM
Dev-Info: FP confirmed, IDP disabled on file. Will be reflected in next update.