Calmain.exe False positive boot-time virus?

[kayjay1]

Hi all, another newbie here. 

I've just booted the pc and Avast has highlighted Calmain.exe as a boot-time virus/trojan.  I believe this is part of Canon camera software and therefore wonder if this is actually a false positive?

[Pondus]

what does avast say....malware name given?

upload file to www.virustotal.com and test with 40+ malware scanners
post link to scan result here

alternatives: www.metascan-online.com / www.jotti.org

[kayjay1]

Going to sound really stupid here but could you please tell me how do I do that?  I chose to ignore the threat rather than remove it as was suggested and now can't seem to find the original warning message.

[Pondus]

http://m.youtube.com/watch?v=TFSmJaiO_G0&desktop_uri=%2Fwatch%3Fv%3DTFSmJaiO_G0

http://m.youtube.com/watch?v=ex4rGXhiqq0&desktop_uri=%2Fwatch%3Fv%3Dex4rGXhiqq0


right click avast tray icon > show last pop-up

[kayjay1]

Okay, I hope I've done this correctly.

Here are the results, the scan showed no problems.   MD5   8ef654045e518ac00e52e7a1e2d3ad70

The last pop-up message for some reason is an Avast Tip on FB privacy although I haven't seen the 'FB privacy' pop-up show itself today.  The last pop up that was seen was the 'Calmain' virus warning.

Thank you for your help with this. 

[Pondus]

https://www.virustotal.com/en/file/c267aab7ca9c6d1dd49043de13211e25157aadecc8d302712bbbd6eb6f530ed9/analysis/
First submission 2009-02-17 04:42:47 UTC ( 4 years, 8 months ago )

The last pop up that was seen was the 'Calmain' virus warning.

yes...but i wanted to know what malware name avast gave the file?...guessing it was W32:Evo-gen [susp] = suspicious

anyway this seems to be a clean file   

[Pondus]

You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21

[kayjay1]

Hi Pondus,

Yes I do understand that you needed the name that avast gave but I cannot find it anywhere.  I did shut down the system (although it took much longer than normal) to try and re-create the problem but thus far, Avast has shown nothing.

I cannot confirm if it was W32:Evo-gen [susp] = suspicious or not.  All I know is that Avast wanted to delete the file, it didn't say anything about sending it to the virus chest which is why I told Avast to ignore it when it was highlighted.  Do you think perhaps that by taking the 'ignore' action Avast will no longer show it up as an issue?

I'm really am very sorry for my dumbness, people like me must seriously get on your nerves.  I am a true newbie at this so please forgive me.   I've also just realised that I've probably put this in the wrong forum too? Ooops!!

Thanks for all your help and advice. 

[Pondus]

send file to avast lab using one of the options i gave above and detection will be fixed.   

[kayjay1]

Okey dokey wll do. 

[Pondus]

seems you are not alone.   http://forum.avast.com/index.php?topic=137628.0

[kayjay1]

Yes, yes, that looks more familiar, it definitely said Rootkit I remember that now.
Rootkit. SVC:CCALib8>C:\CALMAIN.exe Name Win32:Evo-gen(susp)

Should I search for the file?

Oh dear, I've already submitted the file under the possibility of it being W32:Evo-gen [susp] = suspicious.