Author Topic: Avast Pro has found Win32:malware Gen and cannot do anything with it.  (Read 3763 times)


A-Camp

  • Guest
Hi, there. I just got Avast and like what it is doing but I just had one problem. I did a scan of my system that found Alureon-FZ and was able to 'move to chest' successfully on the initial scan. The program then asked to restart and do a 'boot scan' and found two infected files that it could do nothing with. The files are both listed as Win32:malware Gen but when the computer started up I could still not do anything with the file (it reads operation is not supported for this type of archive).

I read this forum topic: http://forum.avast.com/index.php?topic=84185.0 and thought about doing the same thing but I did not want to damage my computer accidentally or clean anything without asking for more information and help with the issue. Thank you in advance for your time.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #1 on: September 18, 2011, 07:43:38 PM »
You don't say where the file detected was located.

I am guessing... in system restore... or inside a zip file?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #2 on: September 18, 2011, 07:47:27 PM »
Sorry but reporting just the malware name from the boot-time scan doesn't help, what helps is the file name and location of that file.

Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) or C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location); check this file using Notepad for info on the scan/detections, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

A-Camp

  • Guest
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #3 on: September 18, 2011, 08:41:54 PM »
Sorry about that.

The first file location is:

C:\Program Files\EarthLink Setup\Windows\access\SpywareBlocker.msi|>Data1.cab|>ElShowSpyAbout.exe|>[UPX]

The other is:

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}RP40\A0026432.msi|>Data1.cab|>ElShowSpyAbout.exe|>[UPX]

Thanks again for the response. Sorry for the lack of info.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #4 on: September 18, 2011, 09:14:07 PM »
OK, the first one is buried within 2 archive files, SpywareBlocker.msi then Data1.cab and finally the actual file ElShowSpyAbout.exe is also a packed executable (third archive). So avast is unable to remove the detected file from within the multiple archives. The reason is probably that the removal may corrupt the main .msi file.

The second is essentially the same file but in system restore.

What do you know about this C:\Program Files\EarthLink Setup\Windows\access\SpywareBlocker.msi file/program ?

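The `|>` nesting described in Reply #4 can be taken apart mechanically. The following is an added example, not part of any post in this thread and not Avast tooling; it assumes only the notation visible in the two quoted detections (`|>` between container levels, a trailing `[UPX]` packer marker), and the function names are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

SEP = "|>"  # container separator as it appears in the paths quoted in the thread

# The two detection paths quoted in Reply #3.
SAMPLE_PATHS = [
    r"C:\Program Files\EarthLink Setup\Windows\access\SpywareBlocker.msi|>Data1.cab|>ElShowSpyAbout.exe|>[UPX]",
    r"C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}RP40\A0026432.msi|>Data1.cab|>ElShowSpyAbout.exe|>[UPX]",
]

@dataclass
class Detection:
    on_disk: str             # outermost container: the only real file on disk
    nested: List[str]        # members inside it, outermost first
    packer: Optional[str]    # bracketed trailing marker, e.g. "UPX"
    in_system_restore: bool  # copy held in a System Restore point

def parse_detection(path: str) -> Detection:
    """Split one scanner path into the on-disk file and its nested members."""
    parts = [p.strip() for p in path.strip().split(SEP)]
    on_disk, inner = parts[0], parts[1:]
    packer = None
    if inner and inner[-1].startswith("[") and inner[-1].endswith("]"):
        packer = inner.pop()[1:-1]
    restore = "\\system volume information\\" in on_disk.lower()
    return Detection(on_disk, inner, packer, restore)

def group_by_payload(paths):
    """Group detections whose nested member chain is identical, so a
    System Restore copy is recognised as a duplicate of the live file."""
    groups = defaultdict(list)
    for p in paths:
        d = parse_detection(p)
        groups[tuple(n.lower() for n in d.nested)].append(d)
    return dict(groups)

def removal_targets(paths):
    """On-disk containers to review for manual deletion (live copies first)."""
    dets = [parse_detection(p) for p in paths]
    return [d.on_disk for d in sorted(dets, key=lambda d: d.in_system_restore)]

if __name__ == "__main__":
    for chain, dets in group_by_payload(SAMPLE_PATHS).items():
        print(" > ".join(chain), "found in", len(dets), "container(s)")
        for d in dets:
            print("   ", d.on_disk, "(system restore)" if d.in_system_restore else "")
```
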

A-Camp

  • Guest
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #5 on: September 18, 2011, 09:37:00 PM »
Nothing really. This computer is about 5 years old and came with some internet options that I never used. The programs did not take up an insane amount of space or pop-up asking to be used so I left them alone. I never have really touched the program since I have had the program.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #6 on: September 18, 2011, 10:29:24 PM »
Then I would suggest that you manually delete it and the one in the system volume information folder.

Avast also has a setting that if the file can't be removed from an archive that the archive can be removed instead. This however is a pretty big escalation and one I wouldn't want to have done as an automatic process.

A-Camp

  • Guest
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #7 on: September 19, 2011, 12:12:53 AM »
Will do. Both files deleted successfully. Should I run another scan to be sure?
« Last Edit: September 19, 2011, 12:29:56 AM by A-Camp »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: Avast Pro has found Win32:malware Gen and cannot do anything with it.
« Reply #8 on: September 19, 2011, 01:34:39 AM »
It won't hurt, but I think you will be fine given that the detections were buried inside archive files, which until run and the data extracted are inert. When an archive/installation file is extracted/run and the data extracted, avast's file system shield should be able to scan and deal with the extracted file.