3 FP Drivers Intel

C:\WINDOWS\system32\drivers\ELhid.sys
C:\WINDOWS\system32\drivers\ELmou.sys
C:\WINDOWS\system32\drivers\ELkbd.sys

After a restart unable to use the mouse and the keyboard = latest system backup and disable avast.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.

Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

####
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.

@@@@

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the * to \file_name.exe where file_name.exe is the file you want to exclude.

Checked the 3 at Virscan.org

http://r.virscan.org/20e63d84c715ab819ce372daae83cce1

can you post the link to the scan result…

At virscan, see my post above (edited)
The 2 others

http://r.virscan.org/report/bd72529ce033acae02b55c2ce8410a46.html
http://r.virscan.org/report/b690cc985b1d04c25258abe116779033.html

Yes pretty clear, submit to avast as an FP and you can if you accept the limited risk exclude these files.

Not yet resolved, plus with the last update today Avast founds another FP C:\WINDOWS\system32\drivers\ELmon.sys
4 drivers Intel quick resume.

My computer is unusable with Avast.

Can you post the malware name in full that is given, is it the same Win32:Malware-gen ?
When does this detection occur and or what scan detects it ?

The Win32:Malware-Gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

Did you submit the others to the avast! virus lab for analysis ?

If this occurred after an update, it is possible that changes made in the generic signature (possibly to correct the other detections) has trapped this other one.

The four are detected with the same sign Win32:Malware-gen nothing more.
They are detected randomly.
If they are detected at a restart the mouse and the keyboard don’t work. One time with avast disable, they are been be detected like rootkit.

Not yet submit to avast virus lab.

The four drivers are only detected by Avast on Virscan, the last one Elmon.sys :http://r.virscan.org/report/73e774bdf91edf3a995961721c1ebb5f.html

Avast team is known to address these kind of FPs rather quickly, and cure them sometimes with an upcoming update,

polonus

You need to follow the guide I gave in Reply #1 above and submit them for analysis and correction. Plus if you accept the limited risk exclude the files from scanning until the detections are corrected (scan the copies within the chest).