Author Topic: Random DLL files being Quarantined by Avast  (Read 2576 times)


Offline Minty95

Random DLL files being Quarantined by Avast
« on: March 04, 2019, 05:18:02 PM »
Hi all,

Recently Avast has been notifying me of Win32:Malware-gen files that are being stopped and quarantined on multiple machines on our network.

Viewing the files caught in the virus chest I can see the following.



The .dll files are being created in the user's c:\windows\temp folder, then removed by Avast.

Event Viewer reports that the following service is being installed just prior to the DLLs being created and Avast quarantining them.



I have run one of the suspect .dll files through VirusTotal (attached below). Avast, AVG, Malwarebytes and CrowdStrike Falcon have reported the file as malicious; however, the other 60+ anti-virus products report the file as clean.

I am unsure if the files being quarantined are genuine threats or false positives.

Any help regarding this would be much appreciated.


« Last Edit: March 04, 2019, 05:43:00 PM by Minty95 »

Offline Pondus

Re: Random DLL files being Quarantined by Avast
« Reply #1 on: March 04, 2019, 06:04:12 PM »
Quote
I have run one of the suspect .dll files through VirusTotal (attached below). Avast, AVG, Malwarebytes and CrowdStrike Falcon have reported the file as malicious; however, the other 60+ anti-virus products report the file as clean.
Always post a link to the scan results, as there is lots of extra info we can't see from a screenshot.

The Avast lab can then also fetch files from VT when they can see the file's SHA256 / MD5.


Quote
I am unsure if the files being quarantined are genuine threats or false positives.
The best way to answer that is to send samples to the Avast lab.
See my post here on how to report >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



« Last Edit: March 05, 2019, 12:32:02 AM by Pondus »

Offline Minty95

Re: Random DLL files being Quarantined by Avast
« Reply #2 on: March 08, 2019, 11:35:44 AM »
Quote
Always post a link to the scan results, as there is lots of extra info we can't see from a screenshot.

The Avast lab can then also fetch files from VT when they can see the file's SHA256 / MD5.

Thanks Pondus,

Please find below a link to the scan results.

https://www.virustotal.com/#/file/0383ce989d457cb794099391ca9417194636d0617f4166c37cacaa48b1cc92e8/detection


As advised I have also sent a sample of the file to the Avast Threat Lab.
« Last Edit: March 08, 2019, 11:41:50 AM by Minty95 »
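
The pattern described in the opening post (a service install followed shortly by DLLs in c:\windows\temp being quarantined, on several machines) can be checked by correlating the two logs per host. This is an added example, not part of the thread: the CSV layout, host names, service names, file names and the 60-second window are all constructed assumptions.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): service-install events
# exported from the System log, and AV quarantine records.
SERVICE_INSTALLS = """time,host,service
2019-03-04 09:14:58,PC-01,ExampleSvcA
2019-03-04 09:20:10,PC-02,ExampleSvcA
2019-03-04 11:02:00,PC-03,ExampleSvcB
"""
QUARANTINES = """time,host,path
2019-03-04 09:15:03,PC-01,C:\\Windows\\Temp\\a1b2.dll
2019-03-04 09:20:14,PC-02,C:\\Windows\\Temp\\c3d4.dll
2019-03-04 13:40:00,PC-03,C:\\Windows\\Temp\\e5f6.dll
2019-03-04 09:15:04,PC-01,C:\\Users\\x\\Downloads\\tool.exe
"""
FMT = "%Y-%m-%d %H:%M:%S"

def load(text):
    """Parse a CSV export and convert the 'time' column to datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time"] = datetime.strptime(r["time"], FMT)
    return rows

def correlate(installs, quarantines, window=timedelta(seconds=60)):
    """Group quarantined temp-folder DLLs by the service installed on the
    same host at most `window` earlier. Unmatched DLLs go under None."""
    by_host = defaultdict(list)
    for ev in installs:
        by_host[ev["host"]].append(ev)
    result = defaultdict(list)
    for q in quarantines:
        p = q["path"].lower()
        if not (p.startswith("c:\\windows\\temp\\") and p.endswith(".dll")):
            continue  # only the pattern from the post: DLLs in the temp folder
        prior = [e for e in by_host[q["host"]]
                 if timedelta(0) <= q["time"] - e["time"] <= window]
        svc = max(prior, key=lambda e: e["time"])["service"] if prior else None
        result[svc].append((q["host"], q["path"]))
    return dict(result)

if __name__ == "__main__":
    hits = correlate(load(SERVICE_INSTALLS), load(QUARANTINES))
    for svc, found in hits.items():
        hosts = sorted({h for h, _ in found})
        print(f"{svc or 'no preceding service install'}: {len(found)} DLL(s) on {hosts}")
```

One service name preceding the detections on every affected host points to a single origin to investigate, such as a management or deployment tool, which helps decide between a false positive and a real threat before the lab replies.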