Author Topic: Win32:Malware-gen  (Read 7084 times)

Offline theProtomartyr

  • Newbie
  • *
  • Posts: 4
Win32:Malware-gen
« on: July 13, 2014, 12:41:15 AM »
Was installing Microsoft Office 2013 on a new system when Avast popped up saying it had blocked a malicious program, and moved it to the virus chest. Not sure if it was a false positive, or an actual problem.

Attached are the logs as well as a screenshot of the Virus Chest.

Your help and time is much appreciated  ;)

Offline theProtomartyr

  • Newbie
  • *
  • Posts: 4
Re: Win32:Malware-gen
« Reply #1 on: July 13, 2014, 12:42:37 AM »
Virus Chest Screenshot

Apologies for the double post.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Malware-gen
« Reply #2 on: July 13, 2014, 11:47:20 AM »
That was a false positive, otherwise your logs look OK

Offline theProtomartyr

  • Newbie
  • *
  • Posts: 4
Re: Win32:Malware-gen
« Reply #3 on: July 14, 2014, 01:08:15 AM »
Thanks for the confirmation. Have a nice day!

Offline Renoir_5869

  • Newbie
  • *
  • Posts: 2
Re: Win32:Malware-gen
« Reply #4 on: July 15, 2014, 04:31:56 AM »
I have run into a similar situation. Recently, Avast notified me that ONENOTE.EXE is infected with Win32:Malware-gen and moved it to the Chest.
I ran an Avast scan, a boot time scan, as well as a MalwareBytes scan, none of which reported any infections.
Since then, there has also been an Office update, which appeared to go through successfully. However, I cannot use OneNote any more. It gives the following error:

"The version of this file is not compatible with the version of Windows you're running". Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.

When I saw this thread that there's a false positive, I tried to restore the file from the Chest, but this has not helped either.
Can somebody please provide some pointers?

Thanks


Offline theProtomartyr

  • Newbie
  • *
  • Posts: 4
Re: Win32:Malware-gen
« Reply #5 on: July 16, 2014, 03:18:59 AM »
I encountered the same problem when restoring the file from the chest and trying to use OneNote. I'm guessing the OneNote installation gets corrupted when Avast quarantines the file.

This is what I did to fix the problem and get OneNote working again:
- Uninstalled Microsoft Office (Might be a good idea to restart the comp after the uninstallation to "refresh" it)
- Temporarily disabled Avast Shields
- Installed Microsoft Office
- Re-Enable Avast Shields

This was easy for me since I had this computer for only a couple of days, so didn't have much installed to begin with. It would have been quicker if I knew how to uninstall OneNote by itself instead of having to uninstall all the components of Microsoft Office.

If you don't want to uninstall Microsoft Office entirely, I would probably search around how to uninstall/install OneNote by itself. Perhaps this link might provide some light : http://office.microsoft.com/en-us/onenote-help/install-or-remove-individual-office-programs-and-components-HA010354261.aspx

Have a good day!

Offline Renoir_5869

  • Newbie
  • *
  • Posts: 2
Re: Win32:Malware-gen
« Reply #6 on: July 20, 2014, 02:42:41 AM »
Thanks, I really appreciate your help.

Again, the situation is exactly the same for me. My PC is also new and I bought MS-Office 365 online. So it was a piece of cake, to uninstall and re-install Office. However, the first time round I forgot to turn off Avast. And in the middle of the installation, the moment ONENOTE.EXE landed, Avast reported it as a malware and quarantined it. I made the silly mistake of trying to restore it while the installation was still going on, but it didn't help.

So, one more round of uninstall and re-install with Avast turned off from the get-go, did the trick. Now, to make sure the problem does not resurface, I have added the file as well as the directory it is in, in the exclusions for a Quick Scan and the Full Scan. I have also submitted the file as a false positive, though I am not sure if that has worked. It appears that Avast wants to know the Version # of the file being submitted, and for the life of me, MS Office 365's interface is pathetic. There's no more the "Help" -> "About" menu.

Goal is now that they come up with a fix, so that I can remove the file and directory from the exclusions list.

Again, many thanks to theProtoMartyr for your help.
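
Added example, not part of the thread: a PowerShell check of a flagged executable's file version, SHA-256 and Authenticode signature, which covers the version number the false-positive submission asks for and gives some evidence before a file is restored or excluded. The path is a placeholder, and matching the signer on "Microsoft Corporation" is an assumption made for this example.

```powershell
# Added example: inspect a flagged executable before restoring or excluding it.
# The default path is a placeholder; pass the real location of the file.
param(
    [string]$Path = 'C:\PLACEHOLDER\ONENOTE.EXE'
)

function Get-FlaggedFileReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath (it may still be in quarantine)"
    }

    $item = Get-Item -LiteralPath $LiteralPath
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    # Signer subject is empty when the file carries no signature at all.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Assumption for this example: a genuine Office binary is signed by
    # "Microsoft Corporation" and the signature validates on this machine.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    # A file damaged by a partial restore or an interrupted install usually
    # shows up here as HashMismatch or NotSigned, or with a tiny length.
    $verdict = if ($trusted) {
        'Signature valid and signer matches: consistent with a false positive'
    } elseif ($sig.Status -eq 'HashMismatch') {
        'File was modified or damaged after signing: repair or reinstall, do not exclude'
    } else {
        "Not verifiable ($($sig.Status)): do not restore or exclude on this evidence"
    }

    [pscustomobject]@{
        Path            = $item.FullName
        LengthBytes     = $item.Length
        FileVersion     = $item.VersionInfo.FileVersion
        ProductVersion  = $item.VersionInfo.ProductVersion
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = $verdict
    }
}

Get-FlaggedFileReport -LiteralPath $Path | Format-List
```

A valid signature shows the file is unmodified since the publisher signed it; it does not replace the vendor's own false-positive review, so the exclusion should still be removed once the detection is corrected.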