False Positive

[BKKKPewsey]

Here we go again!!! Avast showing 2 dll files which are part of epson status monitor has having Win32:malware gen. This after last update (current VPS version 091216-0). Files in question are EBAPI4.DLL & E_FBA6FIE.DLL   

[igor]

Did you submit these files are false positives?

[BKKKPewsey]

Not yet just found out in last 5 mins thought I would give u guys heads up first

[DavidR]

You could also confirm or deny the detection by checking the offending/suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

[BKKKPewsey]

Already checked with virustotal only Avast is flagging alarm after submitting rescan

[spg SCOTT]

Hmmm...I have 'EBAPI4.DLL' and it scans clean... With VPS 091216-0
(even on VT)

Where is your one located?

[BKKKPewsey]

C:\Windows\System32\spool\drivers\w32x86\3

[BKKKPewsey]

Wifes laptop has just received update VPS and showing virus alert too

[BKKKPewsey]

Further info for u guys file version for EBAP14.dll is V5.15.0.0 Hope that helps (printer only 1 month old) 

[igor]

To fix the problem, we need that file... so please use the "Report as false positive" link in the virus warning window to submit the file (or, you can pack it into a password-protected archive and send it by e-mail to virus@avast.com, together with the password).
Thanks.

[Vicenarian]

Yeah I have this problem too...all these files are being flagged as false positives:

Win32:Malware-gen" has been found in

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBA6FJA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBAPI4.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBAPI4.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBPBIDI.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBA6FIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBAPFIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBAPFJA.DL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBL6FIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBL6FJA.DLL




I already sent them in for analysis, but I have no idea what the program version is...as the Epson printer suite contains like 3 different pieces of software...one to manage fax, another to manage network printing, and another to manage some other stuff, but I can say I just bought this printer (an Epson Worforce 610) last week, so it is very new.

I have a theory why this is happening though...When you install this printer, it gives you the option to install either network or usb drivers. Of course, being a wifi printer, I installed and am using the networking drivers. Thus, this might be one reason behind the files being flagged as a trojan (trojan being something that operates over a network)?

[Allblack]

I have just encountered this problem

[Milos]

Hello,
thank you for notice. Fixed false positive will be released soon.

Milos

[Tony53]

Same thing happening here. What has happened to avast! Once is an unfortunate mistake, twice is sheer incompetence.

[Milos]

Same thing happening here. What has happened to avast! Once is an unfortunate mistake, twice is sheer incompetence.

Hi,
sending the same useless post don't help fix the false positive.

Milos