Author Topic: IDP Generic Infection  (Read 102535 times)


Offline Spiritual2016

  • Sr. Member
  • ****
  • Posts: 242
IDP Generic Infection
« on: February 23, 2017, 05:22:16 AM »
At 8:20pm Pacific on Wed, I updated my automatic dialer software program 'Gravis Easy Phone' but Avast detected it as a false positive threat:

Object: C:\Users\User\AppData\Local\Apps\..\Gep8.exe

Infection: IDP Generic

'Threat was detected and blocked just before the attack.'


« Last Edit: February 23, 2017, 05:32:54 AM by Spiritual2016 »

Offline TrueIndian

  • Poster
  • *
  • Posts: 434
Re: IDP Generic Infection
« Reply #1 on: February 23, 2017, 05:30:18 AM »
The detection is from the Avast! Behaviour Shield, which monitors for malware-like behaviour.

So necessarily the app did something identical to malware that triggered this. And since IDP didn't prompt you for action, it means it had a high accuracy for the file being bad.

I will try and get someone from Avast! to take a look.

Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #2 on: February 23, 2017, 05:32:14 AM »
TrueIndian:

I updated my automatic dialer software 'Gravis Easy Phone' but Avast detected it as a threat.

I went into the Virus Vault, selected Gep8.exe, and right-clicked 'Restore and add exclusion', but it is still in the Virus Vault.

After signing into the software, Windows firewall blocked it so I gave permission to allow access.

Does restoring it keep a copy in the Virus Vault (and it has to be deleted manually) or is the Virus Vault supposed to empty when a file is restored?
« Last Edit: February 23, 2017, 05:41:58 AM by Spiritual2016 »

Offline TrueIndian

Re: IDP Generic Infection
« Reply #3 on: February 23, 2017, 05:35:56 AM »
TrueIndian:

I went into the Virus Vault and selected 'Restore and add exclusion', but it is still in the Virus Vault.

Does it restore a copy and save a copy in Virus Vault that has to be deleted manually or is the Virus Vault supposed to empty when a file is restored?

Yes, it restores and saves a copy in the chest. This may actually not be an FP since it was caught via behaviour. It's better off not adding it to exclusions since we don't want to infect the system if it is bad by any chance.
« Last Edit: February 23, 2017, 05:37:51 AM by TrueIndian »

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #4 on: February 23, 2017, 05:46:42 AM »
TrueIndian:

Every time there is a software update for Gravis EasyPhone, Avast detects it as a threat but it is a legitimate update so it 'is' a false positive.

I already 'restored it and added it as an exclusion' so that it is not recognized as a threat again.

What I am asking: Since Avast saves a copy in the Virus Vault even after restoring it, should I delete it manually from the Virus Vault?

Offline TrueIndian

Re: IDP Generic Infection
« Reply #5 on: February 23, 2017, 05:49:42 AM »
Yes you can.

Also, can you upload the detected file to www.virustotal.com and post the link to the results here, please.

It will give us a clear view of the file.  :)

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #6 on: February 23, 2017, 05:56:40 AM »
Gep8.exe is the file and here is more info on it: https://www.reasoncoresecurity.com/gep8.exe-d4f9056e945705d9644fe9ad436b8f45bc8d37ed.aspx:

*Since my software update is always named Gep8.exe: By selecting 'Restore and Add Exclusion,' will Avast recognize it as a threat again the next time it is updated or will Avast ignore future updates as a threat because Gep8.exe has been excluded from being detected?

Offline TrueIndian

Re: IDP Generic Infection
« Reply #7 on: February 23, 2017, 05:59:22 AM »
No, once added to exclusions it will not be monitored or detected. Sorry, but you need to upload the file here:
www.virustotal.com

and post the results here. I already saw the website link you posted; I Google searched it.  :)

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #8 on: February 23, 2017, 06:01:05 AM »
Thanks for your assistance.

I 'know' that the file is legit because GEP8=Gravis Easy Phone Version 8.

I access the software through the desktop shortcut icon, not an .exe file. I checked the Gravis folder, but only the Setup file is listed, and Windows Search did not detect Gep8.exe.

I just ran a full virus scan and no threats were detected.

« Last Edit: February 23, 2017, 06:44:52 AM by Spiritual2016 »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: IDP Generic Infection
« Reply #9 on: February 23, 2017, 07:19:56 AM »
Hi,
If you access the file via shortcut, right click the shortcut, select Properties and look at the "Target" field. That is the path to the file that needs to be sent to us, either directly, or if you upload it to virustotal, we will know which file it is.

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #10 on: February 23, 2017, 07:29:10 AM »
Gep8 is not listed in Properties or in the Windows Explorer 'Gravis' directory.

When Avast detected the threat, the Object was: C:\Users\User\AppData\Local\Apps\..\Gep8.exe, so I found it that way.

Do I email it to Avast at 'submit@virus.avast.com' with the subject line 'Undetected Malware', or upload it to VirusTotal and click 'Scan It'?

« Last Edit: February 23, 2017, 08:13:01 AM by Spiritual2016 »

Offline TrueIndian

Re: IDP Generic Infection
« Reply #11 on: February 23, 2017, 08:25:38 AM »
Gep8 is not listed in Properties or in the Windows Explorer 'Gravis' directory.

When Avast detected the threat, the Object was: C:\Users\User\AppData\Local\Apps\..\Gep8.exe, so I found it that way.

Do I email it to Avast at 'submit@virus.avast.com' with the subject line 'Undetected Malware', or upload it to VirusTotal and click 'Scan It'?

I suggest you upload to VT.

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #12 on: February 23, 2017, 08:28:05 AM »
I am uploading it to Virus Total now.

Please provide me with an update once there is one.

Offline TrueIndian

Re: IDP Generic Infection
« Reply #13 on: February 23, 2017, 08:29:01 AM »
I am uploading it to Virus Total now.

Please provide me with an update once there is one.

Post the link to the scan results here once it finishes analysing.  :)

Offline Spiritual2016

Re: IDP Generic Infection
« Reply #14 on: February 23, 2017, 08:34:59 AM »
Link to Virus Total Summary: https://virustotal.com/en/file/80e2673f2989a3b81df5ab12a2ac9e1d9f0e1c77ad4eb342895af5bd3eddf2ee/analysis/1487835120/

*Keep in mind that Avast does not detect it because I 'Restored and Added Exclusion' earlier, remember?
« Last Edit: February 23, 2017, 08:37:28 AM by Spiritual2016 »
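The procedure HonzaZ describes in Reply #9 (read the shortcut's Target field, then get the file to VirusTotal) and the snag in Reply #10 (the shortcut shows no Gep8 target, the file only turned up via the path in the Avast alert) can be scripted. The PowerShell below is an added example written for this thread; it is not Avast's code and not from the original posts. It assumes the shortcut path you pass in, treats the `AppData\Local\Apps` location from the alert as a ClickOnce deployment cache (an assumption based on that path alone), and uses the current VirusTotal web URL form for a SHA-256 lookup, which differs from the older link format in Reply #14.

```powershell
# Added example (not from the thread or from Avast): locate the flagged executable,
# record its SHA-256 and code-signing state, and build a VirusTotal lookup URL so the
# hash can be checked before deciding whether an exclusion is justified.
param(
    # Path to the desktop shortcut; assumed value, replace with your own .lnk.
    [string]$ShortcutPath = '',
    # File name from the Avast alert in the thread.
    [string]$FileName = 'Gep8.exe'
)

function Resolve-ShortcutTarget {
    param([Parameter(Mandatory)][string]$LnkPath)
    if (-not (Test-Path -LiteralPath $LnkPath)) {
        throw "Shortcut not found: $LnkPath"
    }
    # WScript.Shell exposes the same Target field that the shortcut's Properties dialog shows.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut((Resolve-Path -LiteralPath $LnkPath).Path)
    return [PSCustomObject]@{
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
        WorkDir   = $lnk.WorkingDirectory
    }
}

function Find-FileUnderApps {
    param([Parameter(Mandatory)][string]$Name)
    # Assumption: the alert path C:\Users\User\AppData\Local\Apps\..\Gep8.exe points into the
    # ClickOnce cache (%LOCALAPPDATA%\Apps\2.0). ClickOnce shortcuts are .appref-ms files with
    # no file target, which is why the Properties dialog showed nothing useful in Reply #10.
    $root = Join-Path $env:LOCALAPPDATA 'Apps'
    if (-not (Test-Path -LiteralPath $root)) { return @() }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter $Name -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

function Get-FileReport {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Target file not found: $Path"
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    return [PSCustomObject]@{
        Path            = $Path
        SHA256          = $hash
        SignatureStatus = $sig.Status   # 'Valid' only for a correctly signed, untampered binary
        Signer          = $sig.SignerCertificate.Subject
        # Looking up the hash first tells you whether VirusTotal already has the sample.
        VirusTotalUrl   = "https://www.virustotal.com/gui/file/$hash"
    }
}

$candidates = @()
if ($ShortcutPath -and ($ShortcutPath -like '*.lnk') -and (Test-Path -LiteralPath $ShortcutPath)) {
    $t = Resolve-ShortcutTarget -LnkPath $ShortcutPath
    if ($t.Target) { $candidates += $t.Target }
}
if (-not $candidates) {
    # No usable .lnk target (or an .appref-ms shortcut): fall back to the ClickOnce cache.
    $candidates = @(Find-FileUnderApps -Name $FileName)
}
if (-not $candidates) {
    Write-Warning "No file named $FileName found via the shortcut or under $env:LOCALAPPDATA\Apps."
}
foreach ($c in $candidates) {
    Get-FileReport -Path $c | Format-List
}
```

Run it from a normal PowerShell prompt, e.g. `.\Find-FlaggedFile.ps1 -ShortcutPath "$env:USERPROFILE\Desktop\Gravis Easy Phone.lnk"` (the script and shortcut names are placeholders). The point of reporting the signature status next to the hash is that an update which is not signed by the vendor, or whose signature no longer validates, is exactly the case where restoring from the Vault and excluding the file is the wrong call: the exclusion, as TrueIndian notes in Reply #7, stops the Behaviour Shield monitoring that file at all, for every future version that reuses the name.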