Author Topic: Win32:malware-gen in charmap.exe (windows file)  (Read 6936 times)

0 Members and 1 Guest are viewing this topic.

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Win32:malware-gen in charmap.exe (windows file)
« on: March 12, 2010, 10:19:23 PM »
I just made a boot scan with Avast and I was surprised that a Win32:malware-gen was found in system32/dllcache  charmap.exe.
I was not able to repair not eve to move to the virus chest.

The only option availiable was to delete but it warned me it was a windows file, my computer is running well right now  and my question is:

Will I have problems for removing a windows file?
What kind of problems will I have because of this?

Please advise...rm
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #1 on: March 12, 2010, 10:27:24 PM »
I forgot to add the log file, here it is:
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #2 on: March 12, 2010, 10:27:42 PM »
Hmmm... seems a false positive. Please, upload it to www.virustotal.com
But if it is infected, the removing of a system file shouldn't be easy, as you could do more harm than good (sometimes).
Can you check the virustotal and post back?
The best things in life are free.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37060
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #3 on: March 12, 2010, 10:36:45 PM »
Windows Hidden Extra Programs

C:\WINDOWS\system32\charmap.exe
http://www.sosol.com/docs/WinHiddenExtraPrograms.pdf
« Last Edit: March 12, 2010, 10:43:40 PM by Pondus »

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #4 on: March 12, 2010, 10:46:55 PM »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #5 on: March 13, 2010, 12:30:43 AM »
Hey guys! one way or the other the file is in the virus chest now and when I analize it with Avast there see what it says.

What do I do to successfully send it to virust total?
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37060
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #6 on: March 13, 2010, 12:35:33 AM »
Windows Hidden Extra Programs

C:\WINDOWS\system32\charmap.exe
http://www.sosol.com/docs/WinHiddenExtraPrograms.pdf

???
@Zyndstoff 
It is what i found when googling the file in the log he sendt
and he was asking " Will I have problems for removing a windows file? "
« Last Edit: March 13, 2010, 01:26:30 AM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #7 on: March 13, 2010, 01:29:25 AM »
Hey guys! one way or the other the file is in the virus chest now and when I analize it with Avast there see what it says.

What do I do to successfully send it to virust total?

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

- avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #8 on: March 13, 2010, 02:57:52 AM »
I uploade the file to virus total and no results of malware were given.

http://www.virustotal.com/es/analisis/2fc82cc4b5874d0e5a5f7c3eac5e8142a5e2eb708b7882733a5919e6e5294be3-1268445241

The file is still in the virus chest... could it be a false positive?

Adivse what to do, I do not want to remove it till I'm sure this is a malicious exe file.

1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #9 on: March 13, 2010, 03:11:09 AM »
Have you got the latest virus signatures (version 100313-0) as avast doesn't detect this on virustotal. So it looks like the detection has been corrected.

Do a manual Update to ensure you have the latest version if not the same number as above.

If you have the same version number as above, scan the file within the chest again, If it isn't detected then Restore the file to the original location.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #10 on: March 13, 2010, 03:15:20 AM »
Thanks, I updated Avast and new update does not detect it as a malware-gen... I will restore it to its original position.

I guess alwil corrected this false positive...

One more question, I restored the file but it is still in the virus chest? why?

Advise...rm
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #11 on: March 13, 2010, 04:12:46 AM »
It is safer that way, if for some reason the restore failed and the file isn't in the original location you would have no copy of the file. Once you restore it, confirm that it is back in the original location and then you can manually delete it from within the chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: Win32:malware-gen in charmap.exe (windows file) CLOSED THREAD
« Reply #12 on: March 13, 2010, 03:12:04 PM »
Done..... tks for the help...rm
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
Re: Win32:malware-gen in charmap.exe (windows file)
« Reply #13 on: March 13, 2010, 04:57:42 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security