While installing a Blaster Audigy SE sound card my Avast 4.8 detected CTRegSvr.exe as Win32:Malware-gen. At Avast prompt, I had the file put in the chest. This event caused the install to fail. Used Task Manager to shut down the failed install. I turned Avast off and disconnected from the internet. Rebooted and did the install. All went well with the card installation. I reconnected to internet and shut down the computer. About 2 hours later, I turned on the computer and after about 20 minutes Avast 4.8 detected CTRegSvr.exe as Win32:Malware-gen again. At Avast prompt, I had the file put in the chest. Had Avast rescan the area where the malware was found. Nothing was found. Rebooted computer and did a search for CTRegSvr. The search found CTREGSVR.EXE-03702B44.pf in C:\WINDOWS\Prefetch. Had Avast scan C:\WINDOWS\Prefetch. Had Avast scan C:\Program Files and C:\DOCUMENTS. Avast found nothing. Updated signature files and rebooted computer and then ran Avast scan of all local drives (1000128 01/28/2010, archive enabled, thorough scan). Avast found nothing. SpyBot Search and Destroy found nothing.
Google search indicates the file is a driver for the sound card. Not sure what is going on. Is this a false positive or just a glitch of the installation of the sound card?
I can somehow confirm this false positive with files within Creative driver installer.
After the 377 version of Avast 5 was released I have done a bootscan and Avast found this Malware gen in the Creative install driver kit for Audigy 2, the official driver kit from 9 Oct 06, driver 02.09.0016 - web release. I presume the file in question is the same in those old driver kits. I don't know if the detection was already removed, have to check.
busp1, try and install a Daniel K driver pack for your sound card, it's not affected by the detection (I think). Visit Creative forums and search for the driver pack thread according to your sound card name.
Apologies if this is butting in, but I also detected CTRegSvr.exe (I have an Audigy SB card installed) as the same generic malware last evening after an AVAST update and full (including archive) scan.
My intuition was that this is a false positive as I have not changed that program in several months since this m/c was built and always run Avast/ZoneAlarm/Spybot S+D(Teatimer) kept updated, except that it also showed one of the other files ‘c:\system volume information_restore…long string of numbers and letters…exe’. My assumption is that this is a restore set-point file and the marking of both as malware is associated with the problems which started this thread.
As I am very inexperienced in dealing with viruses, I have sent both files for Alwil analysis from the Chest where I put them.
If it should turn out that this is a false positive will it be made known through the Forum so that Sm3K3R, busp1 & myself feel easier, or is the feeling of the experts that this should be treated as a serious infection and what advice would they give in excess of what has already been done? (I have looked at Polonus’ post on general principles, but would still appreciate guidance)
I am in the process of creating the e-Mail to send the ‘infected’ files, can I attach the files from the chest, or will I have to take them out, attach them and then return them?
Have just scanned the files which showed as infected yesterday, inside the Chest, and they have come up clean using Virus database Version 100130-0, 30/01 so I will not be deleting them and will probably re-instate shortly. Suggest anyone with this problem from yesterday rescans inside the Chest, as it looks like a FP has been removed.