False positive? win32:malware-gen

[Tobias4051]

Hi,

During a boot scan today the following file was marked as a virus:
c:\MSOcache\Allusers\90000409-6000-11d3-8cfe-0150048383c9\L2561403.cab|>Finder.exe
infected by
win32:Malware-gen

it was moved to chest.

Could this be a false positive?

[DavidR]

There are a few topics relating to finder.exe and it looks like a false positive, so hopefully there will be a virus definitions update soon to correct it.

Ensure you have the latest signature updates and scan the file again within the chest.

[Milos]

Hello,
send us (virus@avast.com) the file to analyze, please.

Milos

[Tobias4051]

Hi,

Thank you for the fast reply.

Is it ok to email the file from the chest to the above address?  When the file is in the chest and I wish to send it as an attachment on an email, where do I browse to in order to find the file?

Do I have to restore the file to the original location and then email it from there?

Many thanks

[Milos]

Hello,
first try ro rescan that file -- this FP should be fixed in current VPS (110110-0).

Milos

[Tobias4051]

Hi,

I tried to restore the file to do another boot scan with the file back where it was, however it says that it can't be restored, the option in the drop down list is gray.

I have scanned the file in the chest several times, including once immediately after the boot scan that put it in the chest, before any avast updates.  When the file in the chest is scanned it has always said 'no virus'.

Thanks for your help.