Hitman Pro scan calls 2 Avast files malware

[tere7]

Hitman Pro scan found the file called algo.dll in 2 the folders below and called it malware, saying "One or more antivirus vendors have indicated that the file is malicious."
C:\Program Files\AVAST Software\Avast\defs\19021602 and
C:\Program Files\AVAST Software\Avast\defs\19021510

[schmidthouse]

Well I'm no expert but I'd say those files are Avast Virus definition files that Avast uses to scan for similar and help protect your OS.

[Asyn]

Well I'm no expert but I'd say those files are Avast Virus definition files that Avast uses to scan for similar and help protect your OS.

Correct.

[schmidthouse]

Well I'm no expert but I'd say those files are Avast Virus definition files that Avast uses to scan for similar and help protect your OS.

Correct.

Thanks Asyn 

[mchain]

Typical false positive report where two active real-time antivirus program scanners are installed and running at the same time. 

One or both reports the virus definitions running in system memory of the other as actual malware/viruses when it is not:  https://forum.avast.com/index.php?topic=211973.0

Why are you running HitMan Pro?

[schmidthouse]

Typical false positive report where two active real-time antivirus program scanners are installed and running at the same time. 

One or both reports the virus definitions running in system memory of the other as actual malware/viruses when it is not:  https://forum.avast.com/index.php?topic=211973.0

Why are you running HitMan Pro?

Good question

[tere7]

Thanks everyone.  I just run Hitman Pro on demand sometimes to double check.  it was once recommended.  It's not always actively running so shouldn't conflict with Avast.  Thanks for the link to the topic; I'll read it now.

[DavidR]

The main issue is that hitman pro is running it is using multiple different AV scanners, this certainly increases the potential for false positives.

Even if it were just a single scanner, when one scanner scans another's installation area there is a high likelihood that files could be pinged, because of the location of the file and its task. 

When searching out malware you have to be in a position and be on the lookout for what malware actually does. This could make that look suspicious.

[tere7]

Well I didn't feel good about it so I downloaded the Sophos Virus Removal Tool which  supposedly can run alongside another anti-virus product.  This time I disabled Avast before starting the scan.  It found that one of the Avast files is infected with Mal/Behav-009, but it was unable to remove it.  Still don't feel good about assuming it's just due to running another antivirus along with Avast.  I don't understand what  DavidR means by "When searching out malware you have to be in a position and be on the lookout for what malware actually does. This could make that look suspicious."

[DavidR]

Well just taking a look at what Sophos supposedly found, 'Mal/Behav-009' (but you don't give the file name and location), taken from that malware name and expanding my supposition of the name 'Malware Behaviour number 009' this would appear to be a generic 

There are signatures and functions in avast that will looking out for and detecting behavioural malware, etc. and it is entirely possible to have another AV to incorrectly identify one of these files/actions as malicious.

I hope you can see what I'm getting at now.  Also if you consider the two (multiple) scans by hitman pro and sophos, only one detection was made by sophos and that wasn't one of those found by hitman pro, nor were any of the others found by hitman pro found by sophos.  So there we have inconsistency between those multiple AVs.

Also not that the algo.dll file is digitally signed by avast.

[bob3160]

A simple example.
A hacker installs a keylogger on your system - This is dangerous and needs to be blocked.
You install a keylogger to check on someone using your system - Not dangerous because you installed it and you control it.
You are the only one who can determine if the keylogger is dangerous or safe. Not some program you installed. It can only alert you no more, no less.
 
.

[tere7]

Ok I'll just have to trust you all.
Just to clarify, the findings from the 2 scans (Sophos & Hitman Pro) are the same.  This is from the Sophos logfile, which I didn't look at until later:

2019-02-16 16:36:53.254   >>> Virus 'Mal/Behav-009' found in file C:\Program Files\AVAST Software\Avast\defs\19021510\algo.dll
2019-02-16 16:38:20.864   >>> Virus 'Mal/Behav-009' found in file C:\Program Files\AVAST Software\Avast\defs\19021602\algo.dll

Thanks again for all the replies.

[DavidR]

You're welcome.

Digital signing of files should give an additional degree of confidence on the file being clean.  If a file has/had been altered after signing, then the digital signature would be invalid.