Author Topic: win32:malware-gen detected  (Read 6049 times)


Offline N0rT013

  • Jr. Member
  • **
  • Posts: 85
win32:malware-gen detected
« on: July 26, 2014, 06:36:37 PM »
Win 7 Dell machine. Ran Avast scan this am and came up with above infection. Ran boot scan and Malwarebytes scan and both were clean. Avast put it in the virus chest.  Do I need to do anything else and is machine clean now?  Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #1 on: July 26, 2014, 06:42:05 PM »
Someone just reported a possible FP with that detection name.... see viruses and worms forum section


What file was detected ..... and location, full file path

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: win32:malware-gen detected
« Reply #2 on: July 26, 2014, 06:58:46 PM »
What vps version do you have?

Offline N0rT013

  • Jr. Member
  • **
  • Posts: 85
Re: win32:malware-gen detected
« Reply #3 on: July 26, 2014, 08:58:55 PM »
VPS version - not sure what vps is but my program version is 2014.9.0.2021 and virus defs are 140726-1. This is what is described in virus chest: C:\dell\FIST\CSRSS_cancel.exe - also says that it last changed 1/26/2007?? Don't guess I understand this stuff. Anyway don't know if that is the info you are asking for Pondus but it's all I have come up with. Is there somewhere else to look for that info? Also, will check out virus and worm section. possible FP. Thanks very much.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #4 on: July 26, 2014, 09:08:19 PM »
Quote
C:\dell\FIST\CSRSS_cancel.exe
seems to be a Dell file .... but no info found online. I will check with someone


Vipre antivirus has detected the same file.   posted Jul 4, 2014
http://community.spiceworks.com/topic/533045-csrss_cancel-exe-quarntined-by-vipre-anti-virus



« Last Edit: July 26, 2014, 09:11:57 PM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #5 on: July 26, 2014, 09:09:44 PM »
You can report it to avast lab as Possible False Positive using one of these options
you may add a link to this topic in case they reply here


You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: win32:malware-gen detected
« Reply #6 on: July 26, 2014, 09:21:25 PM »
There is a problem with the vps when it comes to mal:gen
It is already partially fixed in 20140726-1
For me it detected the main .exe of MS Flight Sim 2004 as malware.

Only thing we can do at this moment is reporting them and hope that avast will fix it soon.

Offline N0rT013

  • Jr. Member
  • **
  • Posts: 85
Re: win32:malware-gen detected
« Reply #7 on: July 26, 2014, 09:27:52 PM »
Well unfortunately I have no idea what the program name or publisher is. I cannot tell from that line in the virus chest what that info would be. I will go with Eddy and wait for Avast to fix. Unless someone can tell me where to find the program, publisher etc. to report it out of virus chest. thanks.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: win32:malware-gen detected
« Reply #8 on: July 26, 2014, 09:30:33 PM »
A new vps version has just been released 20140726-2
Could be it is solved now.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #9 on: July 26, 2014, 09:37:46 PM »
Quote
A new vps version has just been released 20140726-2
Could be it is solved now.
OK ....

@N0rT013  right click the file in chest and scan it ..... still detected ?
Quote
Unless someone can tell me where to find the program, publisher etc. to report it out of virus chest. thanks.
see link in post above .... how to use chest

Essexboy agrees, says this is a false positive



« Last Edit: July 26, 2014, 09:42:50 PM by Pondus »

Offline N0rT013

  • Jr. Member
  • **
  • Posts: 85
Re: win32:malware-gen detected
« Reply #10 on: July 26, 2014, 11:34:56 PM »
Did the scan in the chest - comes up with a window with that malware name in it. Does that mean it's still in the works? And it's not an FP?  Also, I know how to use the chest - I just don't know how to determine the name of the publisher-program etc. unless I'm missing something and that's very possible. Pls enlighten me. Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #11 on: July 27, 2014, 01:47:58 AM »
Quote
  Did the scan in the chest - comes up with a window with that malware name in it. Does that mean it's still in the works?     
Not fixed yet ......


Quote
    I just don't know how to determine the name of the publisher-program etc. unless I'm missing something and that's very possible. Pls enlighten me. Thanks.     
You mean info about the file in chest?
There is no info like that in chest

Offline N0rT013

  • Jr. Member
  • **
  • Posts: 85
Re: win32:malware-gen detected
« Reply #12 on: July 27, 2014, 01:26:25 PM »
Quote
You mean info about the file in chest?
There is no info like that in chest


So can u tell me where I go to find that info? program, publisher, etc. Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: win32:malware-gen detected
« Reply #13 on: July 27, 2014, 04:06:44 PM »
Quote
So can u tell me where I go to find that info? program, publisher, etc. Thanks.
if you upload file(s) to www.virustotal.com  it will give some extra file info .... click the file detail / additional info tabs at top
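
One way to read the program, publisher and signature details asked about in this thread straight from the file, as an added example that is not part of any poster's reply. The function name is hypothetical, and the script assumes a copy of the flagged file exists on disk outside the chest.

```powershell
# Added example: collect identifying metadata for a flagged file before
# reporting it as a possible false positive.
# Get-FileTriageInfo is a hypothetical helper name, not an Avast or Dell tool.
function Get-FileTriageInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $ver  = $file.VersionInfo                      # PE version resource, if any
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # SHA-256 via .NET so this also runs on PowerShell 2.0 (Windows 7 default),
    # which has no Get-FileHash cmdlet.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file.FullName)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Dispose()
        $sha.Clear()
    }

    # An unsigned file has no signer certificate; report that explicitly.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    New-Object PSObject -Property @{
        Path            = $file.FullName
        SizeBytes       = $file.Length
        LastWriteTime   = $file.LastWriteTime
        SHA256          = $hash
        CompanyName     = $ver.CompanyName        # "publisher" as embedded by the vendor
        ProductName     = $ver.ProductName        # "program" name
        FileDescription = $ver.FileDescription
        OriginalName    = $ver.OriginalFilename
        FileVersion     = $ver.FileVersion
        SignatureStatus = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer
    } | Select-Object Path, SizeBytes, LastWriteTime, SHA256, CompanyName,
                      ProductName, FileDescription, OriginalName, FileVersion,
                      SignatureStatus, Signer
}

# The path below is the one quoted in this thread; adjust it to where the copy is.
Get-FileTriageInfo -Path 'C:\dell\FIST\CSRSS_cancel.exe' | Format-List
```

Version-resource fields are set by whoever built the file and can be blank or misleading, so the signature status and signer carry more weight than the company name. The SHA256 value can also be searched on VirusTotal without uploading the file.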


Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: win32:malware-gen detected
« Reply #14 on: July 27, 2014, 04:30:15 PM »
I personally think this procedure should and could be made a lot simpler and easier for those
taking the time trying to make a submission.  :o