Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: cadremis on March 12, 2010, 10:19:23 PM
-
I just made a boot scan with Avast and I was surprised that a Win32:malware-gen was found in system32/dllcache charmap.exe.
I was not able to repair not eve to move to the virus chest.
The only option availiable was to delete but it warned me it was a windows file, my computer is running well right now and my question is:
Will I have problems for removing a windows file?
What kind of problems will I have because of this?
Please advise...rm
-
I forgot to add the log file, here it is:
-
Hmmm... seems a false positive. Please, upload it to www.virustotal.com
But if it is infected, the removing of a system file shouldn't be easy, as you could do more harm than good (sometimes).
Can you check the virustotal and post back?
-
Windows Hidden Extra Programs
C:\WINDOWS\system32\charmap.exe
http://www.sosol.com/docs/WinHiddenExtraPrograms.pdf
-
Windows Hidden Extra Programs
C:\WINDOWS\system32\charmap.exe
http://www.sosol.com/docs/WinHiddenExtraPrograms.pdf
???
-
Hey guys! one way or the other the file is in the virus chest now and when I analize it with Avast there see what it says.
What do I do to successfully send it to virust total?
-
Windows Hidden Extra Programs
C:\WINDOWS\system32\charmap.exe
http://www.sosol.com/docs/WinHiddenExtraPrograms.pdf
???
@Zyndstoff
It is what i found when googling the file in the log he sendt
and he was asking " Will I have problems for removing a windows file? "
-
Hey guys! one way or the other the file is in the virus chest now and when I analize it with Avast there see what it says.
What do I do to successfully send it to virust total?
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
- avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
-
I uploade the file to virus total and no results of malware were given.
http://www.virustotal.com/es/analisis/2fc82cc4b5874d0e5a5f7c3eac5e8142a5e2eb708b7882733a5919e6e5294be3-1268445241
The file is still in the virus chest... could it be a false positive?
Adivse what to do, I do not want to remove it till I'm sure this is a malicious exe file.
-
Have you got the latest virus signatures (version 100313-0) as avast doesn't detect this on virustotal. So it looks like the detection has been corrected.
Do a manual Update to ensure you have the latest version if not the same number as above.
If you have the same version number as above, scan the file within the chest again, If it isn't detected then Restore the file to the original location.
-
Thanks, I updated Avast and new update does not detect it as a malware-gen... I will restore it to its original position.
I guess alwil corrected this false positive...
One more question, I restored the file but it is still in the virus chest? why?
Advise...rm
-
It is safer that way, if for some reason the restore failed and the file isn't in the original location you would have no copy of the file. Once you restore it, confirm that it is back in the original location and then you can manually delete it from within the chest.
-
Done..... tks for the help...rm
-
You're welcome.