Author Topic: apmsgfwd.exe a False Positive?  (Read 16286 times)


ekitchens

  • Guest
apmsgfwd.exe a False Positive?
« on: July 19, 2009, 03:59:55 PM »
Hello,

The latest update to Avast is telling me apmsgfwd.exe located in the C:\Program Files\DellTPad folder is a virus. I moved it to the chest and the "Last Changed Date" date in the chest is 3/22/08 1:32:04 AM. I do have the Alps touchpad drivers but I've had them for over a year now when I bought my laptop.

Before I moved the file to the chest, I restored my system to five days ago. Everything loaded fine as usual. No warnings. Only after Avast updates to this latest edition does it warn me on start up that a virus (ApMsgFwd.exe) has been found.

Is this a false positive? I've never had this happen before so I appreciate any advice you have.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: apmsgfwd.exe a False Positive?
« Reply #1 on: July 19, 2009, 04:07:41 PM »
 Please submit the file to VirusTotal.

 Also, please post a link for the result of analysis.
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89012
  • No support PMs thanks
Re: apmsgfwd.exe a False Positive?
« Reply #2 on: July 19, 2009, 05:55:28 PM »
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, i.e. the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ekitchens

  • Guest
Re: apmsgfwd.exe a False Positive?
« Reply #3 on: July 21, 2009, 09:12:25 PM »

Here's what I ended up with but I'm not sure how to read the results:

http://www.virustotal.com/analisis/766d77786f4feb729f65eec6708fb2de18132606d0c57e3c4af523a66ee46a5b-1248087428

How does it look?

Thanks for the help!

Also, I should add that the page shows a July 20 date for the scan but I just scanned it a few minutes ago (July 21). When I tried to upload it, Virus Total reported that the file had already been scanned. I assume by someone else out there in the world because it wasn't me. 
« Last Edit: July 21, 2009, 09:14:27 PM by ekitchens »
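An added example, not part of any post in this thread: the link above carries a 64-hex-digit SHA-256 and a trailing number, so it can be checked against the exported file to confirm that an "already scanned" report covers the same bytes and to see when that analysis ran. Treating the trailing number as a Unix timestamp of the analysis is an assumption about the legacy link layout, and the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone

# Link exactly as posted in the thread.
PERMALINK = ("http://www.virustotal.com/analisis/"
             "766d77786f4feb729f65eec6708fb2de18132606d0c57e3c4af523a66ee46a5b"
             "-1248087428")

# Assumed layout: /analisis/<sha256 hex>-<unix time of the analysis>
_LEGACY = re.compile(r"/analisis/([0-9a-f]{64})-(\d{9,10})$", re.IGNORECASE)


def parse_permalink(url):
    """Return (sha256_hex, analysis_time_utc) taken from the link."""
    m = _LEGACY.search(url.strip())
    if not m:
        raise ValueError("not a legacy VirusTotal permalink")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def report_matches_file(url, path):
    """True only if the report was produced for exactly these bytes."""
    digest, when = parse_permalink(url)
    return sha256_file(path) == digest, when


if __name__ == "__main__":
    import sys
    digest, when = parse_permalink(PERMALINK)
    print("report hash :", digest)
    print("analysed at :", when.isoformat())
    if len(sys.argv) > 1:  # e.g. the copy exported to C:\Suspect
        same, _ = report_matches_file(PERMALINK, sys.argv[1])
        print("same file   :", same)
```

A matching hash with an older analysis time means the verdicts shown come from the engines' signatures as of that time, not from the current definitions.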

Online DavidR

Re: apmsgfwd.exe a False Positive?
« Reply #4 on: July 21, 2009, 09:23:46 PM »
Well, the results show that no scanners, including avast, detect this; however, the VPS version used in the upload that you did is a couple of days old. So it is possible that a recent VPS update has incorrectly detected this file, a false positive.

The latest VPS is (current version 090721-0), so ensure you have the latest version and scan the file again within the chest. If it is still detected report the detection as a false positive, right click on the file in the chest - select email to Alwil Software. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

If it is no longer detected - Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location.

ekitchens

  • Guest
Re: apmsgfwd.exe a False Positive?
« Reply #5 on: July 21, 2009, 09:34:27 PM »
Hi David,

Wow, strange results then. When it happened, it only happened on boot. I was so surprised when I started up my system (I'm the only user) and I got those radiation-looking symbols with the guy shouting at me that the ApMsgFwd.exe file was a virus. Anyway...

Just checked and I do have 090721-0. Did a re-scan of the file in the chest and Avast gave me the

Scanning of selected files

Action was completed successfully!

I take it that means nothing was found and I can restore it.

Online DavidR

Re: apmsgfwd.exe a False Positive?
« Reply #6 on: July 21, 2009, 11:14:40 PM »
Yes, that means nothing was found (signature modified/corrected in a VPS Update) as if avast still considered it infected it would have alerted. So you can restore it.