Topic: Virus Win32:Malware-gen identified during 'routine' scan by Avast

inexp2

  • Guest
I have used Avast 4.8 Home edition since August and don't know what I am doing. Avast found Win32:Malware-gen during a routine scan and I had Avast quarantine it. Avast Virus chest gives the following information about the file: nvNetUtils.exe, original location: C:\Program Files\NVIDIA Corporation\NetworkDiagnostic, last changed 3/19/2007 10:25:06 A.M., Transfer time 11/6/2009 6:29:24 P.M., Virus Win32:Malware-gen. The network diagnostic checks the network connection from your computer to the NVIDIA server. How do you upload to a testing service? I have uploaded it to Avast. Thanks in advance for any help.

I have also checked the file in the virus chest and it still is identified as a virus. I tried to add same file to user files and when scanned there it was not identified as a virus. I do not know if I did this correctly.

inexp2

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #1 on: November 09, 2009, 01:53:59 AM »
Can you send the file to virustotal: http://www.virustotal.com/

Likely a false positive - not unusual for Nvidia desktop to trigger conflict with browser connect nor for diagnostics to return false positive readings. Someone else more qualified with FPs may add to this but I think you're okay.  :)
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #2 on: November 09, 2009, 02:12:58 AM »
I do not know how to put it in a place where virustotal could upload it and I have tried to put it in user part of chest and ended up putting it in a "wrong" folder of avast. It was then detected as a virus and placed a second time in avast virus chest! I see no option to upload to virustotal when I click on file in avast chest: only one to send it to avast which I have done... ??? :(
inexp2.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89286
  • No support PMs thanks
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #3 on: November 09, 2009, 02:16:28 AM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*. That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #4 on: November 09, 2009, 02:54:54 AM »
I tried this and access was denied to this file. Maybe it matters that I have Windows Vista Home Premium SP2. I am also using Windows Firewall. I hope someone can tell me what to do now. I do use the nagging user control thing...Am the administrator of this computer but not well versed in administrator's tools.
inexp2.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89286
  • No support PMs thanks
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #5 on: November 09, 2009, 03:25:05 AM »
It doesn't matter what the OS is as avast will block any action on the file (including uploading to VT), that is why it needs to be in a location which you have pre-excluded as in the second paragraph of my post.

Can you explain in more detail exactly what you were doing and when you get the access denied?

There is no option within avast to upload to VirusTotal, that is why I gave instructions on what to do to prepare to upload it. Having done that, you then click on the virustotal link; there is a Browse button, and having clicked that, a navigation window pops up. Using that, navigate to the Suspect folder you created and select the nvNetUtils.exe.

When uploaded, VT will scan it with all its scanners and once done, there is a URL in the address bar of your browser; copy that as it provides a link for the results you see, and post it into the topic.

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #6 on: November 09, 2009, 03:50:26 AM »
I right clicked avast in system tray, selected On-Access Protection control, selected Standard shield (which is on high sensitivity), selected "customize". From there, resident task settings; clicked tab for "Advanced". This is not "Scanner (Advanced)". Second 'item' under this states: "Here you can modify the locations that will not be scanned and/or tested (global exclusions are not appended)." This is where I listed that folder. I right clicked the folder and selected "send to". Then an option to send to Virus Total appeared.
Then the warning "access denied". I have since scanned this folder with Avast and put it in the avast virus chest since I am too afraid to do otherwise.
inexp2

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #7 on: November 09, 2009, 03:52:13 AM »
@ inexp2

Look, sorry, I had to rush out and forgot that you need to move the file out of the chest to upload to virustotal. But follow the instructions as detailed by DavidR. He has gone through this many times with new members to the forum. You don't need to rush. There is plenty of time.   :)

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #8 on: November 09, 2009, 04:35:18 AM »
I extracted to a folder as suggested by DavidR, but the right clicking to send to Virus total produced access denied. I don't know if the way Virus Total got put into the menu has anything to do with why access was denied. I don't think I went online with "administrative rights" when I downloaded vtsetup to desktop.
inexp2.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #9 on: November 09, 2009, 05:29:22 AM »
Don't worry about downloading the link to the desktop (The link posted was for virustotal.)
Just click on the link, and it will open the website in a new tab or window. On that website, click the browse button, and use the explorer-like interface to locate the file in the folder you have created. Then upload it. (there is an upload button, titled "send file".)
Wait for the scanning to finish.
Please post the URL (copy and paste it from the browser address bar direct into your next post) once the results are in.
There is a good chance it has already been scanned, if so, post the permalink it comes up with. (Have a look at that results page yourself, to get a bit of an idea, too, if that's the case.)
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #10 on: November 09, 2009, 05:32:32 AM »
Thanks Tarq. I only just arrived home and was about to post a reply.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #11 on: November 09, 2009, 05:43:11 AM »
No worries. Joint effort. All good.

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #12 on: November 09, 2009, 06:10:36 AM »
This seemingly worked. Apparently someone else had uploaded the same thing on 6/25/2009. I got the following before I had it re-evaluated:
File has already been analysed:
MD5: aa1dbedfc493dffac3d9ee0feee15d06
First received: 2009.06.25 08:09:56 UTC
Date: 2009.06.25 08:09:56 UTC [>136D]
Results: 0/41
Permalink: analisis/5f95fd9fc45d8d2b112586ab4778accf9919ade5df73ac7589eb6f79f7e92d39-1245917396
Is this what you need? After it finished, it said Result 3/40 (7.5%). Now what?
inexp2.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #13 on: November 09, 2009, 06:16:54 AM »
Ah. It is looking more like it may be a false positive (only three out of the 40 scanners detect it) but what we need is the link.

To get that, click on the permalink yourself, and the analysis will open in a new tab or window. Then copy the address in the address bar of that tab/window, and post it, thanks.

inexp2

  • Guest
Re: Virus Win32:Malware-gen identified during 'routine' scan by Avast
« Reply #14 on: November 09, 2009, 06:32:56 AM »
http://www.virustotal.com/analisis/5f95fd9fc45d8d2b112586ab4778accf9919ade5df73ac7589eb6f79f7e92d39-1245917396
Ok. Hope I did this right!
inexp2.
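
An added example, not part of any post in this thread: a Python check that a VirusTotal report actually belongs to the file exported from the chest, and which scan a permalink refers to. It assumes the permalink layout seen above is `analisis/<SHA-256>-<Unix epoch seconds>`; the function names are hypothetical. Decoding the posted permalink gives 2009-06-25 08:09:56 UTC, the "First received" time, so that link is the earlier 0/41 analysis rather than the 3/40 re-scan.

```python
import hashlib
import re
from datetime import datetime, timezone

# Values copied from the posts above.
PERMALINK = ("analisis/5f95fd9fc45d8d2b112586ab4778accf"
             "9919ade5df73ac7589eb6f79f7e92d39-1245917396")
FIRST_RECEIVED = "2009.06.25 08:09:56 UTC"

# Assumed layout: 64 hex chars (SHA-256), a dash, then epoch seconds.
_PERMALINK_RE = re.compile(r"analisis/([0-9a-f]{64})-(\d+)$")


def parse_permalink(link):
    """Split a permalink or full URL into (sha256_hex, scan_time_utc)."""
    m = _PERMALINK_RE.search(link.strip().rstrip("."))
    if m is None:
        raise ValueError("not an analisis/<sha256>-<epoch> permalink")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1), when


def file_digests(path, chunk_size=65536):
    """Hash a file in chunks so large samples are not read into memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def report_matches_sample(link, path):
    """True only if the report behind `link` is for the file at `path`."""
    sha256, _ = parse_permalink(link)
    return file_digests(path)["sha256"] == sha256


def is_report_from(link, quoted_time):
    """True if the permalink timestamp equals a 'YYYY.MM.DD HH:MM:SS UTC' time."""
    _, when = parse_permalink(link)
    quoted = datetime.strptime(quoted_time, "%Y.%m.%d %H:%M:%S UTC")
    return when == quoted.replace(tzinfo=timezone.utc)
```

Running `file_digests` on the copy in C:\Suspect and comparing it with the MD5 and permalink hash quoted above confirms the report is for the same bytes before any conclusion is drawn from the detection ratio.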