Hi all,
Recently Avast has been notifying me of Win32:Malware-gen files that are being stopped and quarantined on multiple machines on our network.
Viewing the files caught in the virus chest, I can see the following.
The .dll files are being created in the users' c:\windows\temp folder, then removed by Avast.
Event Viewer reports that the following service is being installed just prior to the DLLs being created and Avast quarantining them.
I have run one of the suspect .dll files through VirusTotal (attached below). Avast, AVG, Malwarebytes and CrowdStrike Falcon have reported the file as malicious; however, the other 60+ anti-virus products report the file as clean.
I am unsure if the files being quarantined are genuine threats or false positives.
Any help regarding this would be much appreciated.