Topic: RESOLVED Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen

MAG

  • Guest
Avast has just alerted on these two files during a quick scan on my XP machine.

Virus definitions version 110206-0

They show as unmodified since 2003 and 2005 respectively, and so must have been scanned 100s of times previously.

SAS and mbam both scan them as clean.

Anybody else experienced this today?
(I have submitted to avast)
Thanks
« Last Edit: February 07, 2011, 08:24:54 PM by mag »

spg SCOTT

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #1 on: February 06, 2011, 03:42:00 PM »
What is the path of the files?

Have you submitted them to virustotal?

MAG

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #2 on: February 06, 2011, 04:16:54 PM »
What is the path of the files?

C:\WINDOWS\ShowWnd.exe
C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpoapd01.exe

Have you submitted them to virustotal?

No - they are still in the avast chest (I can't think that I've ever submitted anything to virustotal. Would I have to extract them to a 'suspect' folder to be able to browse to them in VT?).
Thanks

spg SCOTT

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #3 on: February 06, 2011, 04:59:37 PM »
Info for the showwnd.exe: http://www.bleepingcomputer.com/startups/ShowWnd.exe-9519.html
It seems that the other one, from searching, is related to an HP product: http://www.file.net/process/hpotdd01.exe.html

Instructions on how to send the files to VT, courtesy of DavidR:
...
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.



MAG

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #4 on: February 06, 2011, 05:13:23 PM »
Thanks for your help.

It appears that ShowWnd.exe is an FP - only Gdata and avast detect it
http://www.virustotal.com/file-scan/report.html?id=daacafb56d9cb31163c07c34a76220cb3576bd987a34bb727857be2ca76af060-1297008046

The other file is detected by Gdata, avast, norman, nprotect and thehacker. I'll wait for an avast update before restoring/excluding it I think.
http://www.virustotal.com/file-scan/report.html?id=929b14a2ae0dd8664efbe1363fbb5aa656aec827bfc92347ad56d51fecdc4a63-1297008301
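
The rule of thumb from the replies above (GData and avast count as one detection), applied to the two engine lists reported in this thread, as an added example that is not part of any original post. The engine-sharing table holds only the pairing stated here, and the report id is assumed to be the file's SHA-256 followed by the scan time as a Unix timestamp.

```python
import hashlib
import re
from datetime import datetime, timezone

# Engines that reuse another vendor's scanner. Only the pairing stated in
# this thread (GData uses avast) is listed; extend it from your own knowledge.
SHARED_ENGINE = {"gdata": "avast"}

# Assumption: report id = <SHA-256 of the file>-<Unix time of the scan>.
REPORT_ID = re.compile(r"[?&]id=([0-9a-f]{64})-(\d+)")


def parse_report_url(url):
    """Return (sha256_hex, scan_time_utc) taken from a report URL."""
    m = REPORT_ID.search(url)
    if not m:
        raise ValueError("no <sha256>-<timestamp> id in URL")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1), when


def sha256_of(path):
    """Hash the extracted copy so it can be matched against the report id."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def independent_detections(engines):
    """Collapse engines that share a scanner into one entry."""
    return {SHARED_ENGINE.get(e.lower(), e.lower()) for e in engines}


def triage(engines):
    """One independent detection is treated as a likely false positive."""
    n = len(independent_detections(engines))
    if n == 0:
        return "clean"
    if n == 1:
        return "likely false positive"
    return "needs review (%d independent)" % n


if __name__ == "__main__":
    # Engine lists as reported in this thread.
    print("ShowWnd.exe:", triage(["GData", "avast"]))
    print("hpoapd01.exe:",
          triage(["GData", "avast", "norman", "nprotect", "thehacker"]))
```

Comparing `sha256_of()` on the copy in C:\Suspect with the hash in the report URL confirms the report describes the same file that was flagged.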

Asyn

MAG

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #6 on: February 06, 2011, 05:29:31 PM »
It appears that ShowWnd.exe is an FP - only Gdata and avast detect it
http://www.virustotal.com/file-scan/report.html?id=daacafb56d9cb31163c07c34a76220cb3576bd987a34bb727857be2ca76af060-1297008046

You can report the FP here: http://www.avast.com/contact-form.php?loadStyles

Thanks. I've already reported the FP via the virus chest route. The other I've left as reported potential malware by the vc route.

MAG

  • Guest
Re: Avast alerts on ShowWnd.exe and hpoapd01.exe as Win32:Malware-gen
« Reply #7 on: February 07, 2011, 08:24:22 PM »
Both files now scan clean. Thanks to avast for a quick response.