Author Topic: UNIDRV.DLL being detected as Win32:Malware-Gen  (Read 24958 times)

0 Members and 1 Guest are viewing this topic.

Andrew71

  • Guest
UNIDRV.DLL being detected as Win32:Malware-Gen
« on: April 14, 2011, 12:04:14 PM »
As of today's Avast signature update (110414-0), we are having problems with UNIDRV.DLL being detected as Win32:Malware-Gen.  The file in question appears to have not changed since 2008.  Is this a bad set of signatures pushed out by Avast?

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 76039
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #1 on: April 14, 2011, 12:05:42 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Fonz_Valo

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #2 on: April 14, 2011, 12:11:05 PM »
As of today's Avast signature update (110414-0), we are having problems with UNIDRV.DLL being detected as Win32:Malware-Gen.  The file in question appears to have not changed since 2008.  Is this a bad set of signatures pushed out by Avast?

We are also experiencing this issue today and it's causing us a few headaches with staff moaning at us that they can not print any documents.

I've already reported the false positive and got a call logged with avosec support.

At least I know we are no longer alone on this issue lol ;D

zeimar2

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #3 on: April 14, 2011, 12:12:53 PM »
Hello, any news about this issue?
All our customer with Avast Antivirus are reporting same problem, other customer with any other AV software are not.
Avast customer are sincerely thinking to change their software, could we find a fast workaround?
thank you to all

Deyvid

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #4 on: April 14, 2011, 12:15:05 PM »
We have the same problem.




Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 76039
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #5 on: April 14, 2011, 12:18:25 PM »
Guys, if you already reported it to avast, it'll be fixed asap..!!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #6 on: April 14, 2011, 12:21:48 PM »
no FP on that file here with VPS 110414-0

edit: yeah okay that's on a W7/64 version of the file, and the issue seems to be on XP, so my scan is not relevant.
« Last Edit: April 14, 2011, 12:26:50 PM by Logos »

Fonz_Valo

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #7 on: April 14, 2011, 12:23:31 PM »
Guys, if you already reported it to avast, it'll be fixed asap..!!
asyn


I've got faith that this will be fixed quite promptly, Avast have never let me down in the past  :)

andyowenavast

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #8 on: April 14, 2011, 12:24:09 PM »
Hi

I have the same problem too with XP SP3 machines.

Avast moves the unidrv.dll file to the chest.

If you then restore the file and try and print it locks the machine up.

If you then reboot it moves the file to the chest again.

Do you know how the problem will be fixed?  Will a new definition be released and propagated?  If so will that file restore the unidrv.dll file to its original folder?

Thanks

Andy

Andrew71

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #9 on: April 14, 2011, 12:26:09 PM »
It only seems to be on Windows XP and the complete path to the file that we have is:

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL

Offline 10nico

  • Jr. Member
  • **
  • Posts: 54
  • I'm a gnu!
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #10 on: April 14, 2011, 12:27:29 PM »
We are having the same problem here; the only way to make the clients print again is the following:

1) logon as an administrator
2) disable avast realtime protection
3) reinstall the printer driver
4) logon again as the user

Of course this is a bypass and leaves you with no protection and I really hope the virus definitions are updated very soon!

Michele
Live long and prosper

zeimar2

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #11 on: April 14, 2011, 12:28:14 PM »
@ logos:
it depends to which version of unidrv.dll you have. We submitted a version which report the problem. Perhaps some bytes in that file are same as real malware...

Hermite15

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #12 on: April 14, 2011, 12:29:17 PM »
@ logos:
it depends to which version of unidrv.dll you have. We submitted a version which report the problem. Perhaps some bytes in that file are same as real malware...

yes I edited my post above ;)

Offline 10nico

  • Jr. Member
  • **
  • Posts: 54
  • I'm a gnu!
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #13 on: April 14, 2011, 12:29:21 PM »
It only seems to be on Windows XP and the complete path to the file that we have is:

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL

Yes it is the exact file being detected here as well! (all clients are XP SP2 or SP3)

By the way *not all* clients are having the problem even though they have the very same definitions...very strange indeed!

Michele
Live long and prosper

zeimar2

  • Guest
Re: UNIDRV.DLL being detected as Win32:Malware-Gen
« Reply #14 on: April 14, 2011, 12:32:27 PM »