IDP.Generic found--Possible False Positive?

[strutter1969]

Hello, I had gone to run cleanupInternetFiles.jse which I've always had on my desktop computer, and I run it practically every morning. However, I got a message this morning from Avast telling me it's infected with IDP.Generic and the program got moved to the Virus Chest. I am guessing this could possibly be a False Positive? I am wondering how to resolve this, if this is a False Positive? Any help would be greatly appreciated. Thanks in advance. I am using Windows 7 X64 and I am using the most recent version of Avast.

[DavidR]

You can submit it for Analysis from the Virus Chest.

Or

You could try the Restore and add exception. 
Personally I wouldn't do this as you would never know if it is a False positive or not and it wouldn't subsequently be scanned.
Give it a few days and try the Restore (no exception) Avast would scan that when it is put back, if no alert you can assume the detection has been corrected.  Otherwise it would be sent back to the virus chest.

[strutter1969]

You can submit it for Analysis from the Virus Chest.

Or

You could try the Restore and add exception. 
Personally I wouldn't do this as you would never know if it is a False positive or not and it wouldn't subsequently be scanned.
Give it a few days and try the Restore (no exception) Avast would scan that when it is put back, if no alert you can assume the detection has been corrected.  Otherwise it would be sent back to the virus chest.

OK, I will do as you recommended and wait a few days & try Restore (no exception). and see what happens. Thanks much, DavidR.

[DavidR]

You're welcome.

I have found that some very old programs weren't digitally signed, so they come in for more detailed checks.

I also don't know if the file type .jsp might be though suspect. As there is an instance of .jse ransomware (a couple of years ago), so there is a possibility it might related (I don't know that for sure). 

A very long time ago I even got alerts on very old versions MS Word and Excel .exe files and nothing had change.  I suspect these very old files were removed from the clean list and since they weren't digitally signed, ping.  I ended up having to set an exception.

Edit: Have you thought of just clearing temporary internet files (when the browser is closed) in your browser settings ?
Would that not remove the need to run this program ?

[strutter1969]

You're welcome.

I have found that some very old programs weren't digitally signed, so they come in for more detailed checks.

I also don't know if the file type .jsp might be though suspect. As there is an instance of .jse ransomware (a couple of years ago), so there is a possibility it might related (I don't know that for sure). 

A very long time ago I even got alerts on very old versions MS Word and Excel .exe files and nothing had change.  I suspect these very old files were removed from the clean list and since they weren't digitally signed, ping.  I ended up having to set an exception.

Edit: Have you thought of just clearing temporary internet files (when the browser is closed) in your browser settings ?
Would that not remove the need to run this program ?

Ya know, I keep thinking about doing it that way, but, I have been so used to using cleanupInternetFiles.jse....creature of habit, I guess you could call me. Heehee!! But yes, I should probably start doing it that other way, as you suggested. 

[DavidR]

Yes it can be difficult breaking old habits

[strutter1969]

Yes it can be difficult breaking old habits

Yes, it can. 

I wanted to let you know, I just a short while ago did as you suggested and tried Restore (no exception), and it is still saying it's infected with IDP.Generic. I did run a Smart Scan, and it showed no threats of any kind.

It also did the same thing when I went to run Disk Cleanup and Disk Defragmenter, it said they were infected with IDP.Generic, too...these latter 2, they weren't like this when I've run them, this just happened this AM.

[rocksteady]

... I did run a Smart Scan, and it showed no threats of any kind.

Have you tried a Full Scan since the event. "Smart Scan" is not fully comprehensive to put it mildly.

[strutter1969]

... I did run a Smart Scan, and it showed no threats of any kind.

Have you tried a Full Scan since the event. "Smart Scan" is not fully comprehensive to put it mildly.

Yes, I did a Full Scan, and there was nothing found.

[strutter1969]

I wanted to mention that I did submit them for analysis via the Virus Chest. Will I be contacted once the analysis has been done, and should I also fill out the false positive file form?

[DavidR]

I don't believe you get a response sending the file/s from the virus chest, that would require your details being sent with the file and I don't think that happens.

There used to be a function to scan the file that was in the virus chest (why that is no longer there is beyond me).  The only way to test is to Restore if it is still detected (it would be placed back in the virus chest), so you would know it is still considered malicious.  Otherwise if no alert, then it would appear to have been a false positive that has been corrected.

[strutter1969]

Hello, I just wanted to share that I restored the programs and ran them to see what would happen. They ran without any issues, and Avast didn't detect them being infected with IDP.Generic. So, it looks to be everything has been corrected. 


Thank you so much again, and Happy 4th to all in the U.S.!! 

[DavidR]

You're welcome, thanks for the feedback.