Avast driver aswSP.sys detected as Win32/Genetik trojan

I just ran the Eset online scanner http://www.eset.com/onlinescan/ and it’s picking this up as “probably a Win32/Genetik trojan”. This is an Avast driver, by the way, located in Windows/system32/drivers.

Can anybody else run the Eset scanner and verify?

Thanks.

It is the avast self protection module and unless yours is somehow modified/infected, which I doubt, it is a false positive detection by eset. Considering it is a generic detection, which are more prone to false positive detections, that is what I suspect it is.

You could also check the file at VirusTotal (multi-engine on-line virus scanner) and report the findings here (the URL in the address bar of the VT results page).

Hi!

I have the same problem. Also with NOD32.

I tried this VT, and I have the following result:

http://www.virustotal.com/hu/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1257873976

Weird. 0/41. Yet Eset’s online scanner flagged it.

http://www.virustotal.com/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1257873976

I have another machine that runs Avast also and it flagged it on that one as well, it also flags the setup file for aswSP.sys as well.

Still would like if somebody could run the Eset online scanner and see what it comes up with. I’m running XP SP3 with the latest version of 4.8. I was concerned of a worm spreading across my network but I doubt it considering I have no BS programs on either machine and Virus Total is saying 0/41.

Whew, good, that makes me feel better.

Did you run the Eset online scanner as well? Or did you scan with an installed copy of Nod32?

:slight_smile:

It is an installed Eset. I installed the latest virus definition (automatically), and after that I had this warning message.

But my result at VT is the same as yours. I hope everything is alright. I think it’s just a false warning.

And I have XP SP2, with Avast 4.8 Home, and NOD32 2.50.32 (Virus definition 4620)

Both of you uploaded the same temporary file name avz00001.dta (they also have the same MD5 number, confirming the same file) and not aswSP.sys from the drivers folder.

Personally I don’t believe it would matter if it were Nod32 or the on-line scan at eset as essentially it uses the same engine and signatures and it would seem temp file numbering.

Though the VT nod32 signatures or version could be different, which might account for the non-detection on VT and as I said it was a generic detection and that function may not be available using VT.

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

I’ve tried it again, and now I had a new result.

New:
http://www.virustotal.com/hu/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1258585359

Old:
http://www.virustotal.com/hu/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1257873976

The only difference is the Version. The old one was 4592, and the new is 4620

I uploaded aswSP.sys from the driver folder (actually I copied it to another folder and then uploaded it), it displayed as avz00001.dta once it was scanned at virustotal. Don’t know why their site does that, it has done that with other files in the past as well.

http://www.virustotal.com/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1258585359

Same here. I noticed it displays the correct file name now. WTF? It flags the same file in the Avast setup inf folder as well.

Has to be a false positive by Eset.

It’s also flagging a file (embeddedwebbrowser_d2006.bpl) in TuneUp Utilities 2008 (on two machines) as a Win32/Genetik trojan, that file came up clean on Virustotal. Those are retail copies I’ve had installed for ages now.

F’n Eset.

I’ve tried on my girlfriend’s notebook, and the result is the same.

Most certainly a false positive given that it is a generic detection, not to mention it is from a known good source and nod32 is the only scanner of 41 detecting it.

All of this means it needs to be reported to eset/nod32 for correction.

Nod32 fixed the issue. Ran another scan today, nothing is detected.

Thanks for the update.
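
For anyone triaging a similar single-engine detection, here is an added example (not written by any poster in this thread) that groups the report links posted above by file hash and checks whether a local copy of the driver is the file those reports describe. It assumes the 64 hex characters in each link are the file's SHA-256 and the trailing number is the scan time as a Unix timestamp; the function names are made up for this sketch.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone

# Report links copied from the posts in this thread.
THREAD_LINKS = [
    "http://www.virustotal.com/hu/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1257873976",
    "http://www.virustotal.com/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1257873976",
    "http://www.virustotal.com/hu/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1258585359",
    "http://www.virustotal.com/analisis/055a213ae5cdf6c26cf4f1661e518d16da29177e8b7f2488645a6c7a5c3d8a13-1258585359",
]

# Assumption: "<sha256>-<unix time of scan>"; a locale prefix such as /hu/ may precede it.
REPORT_RE = re.compile(r"/analisis/([0-9a-f]{64})-(\d+)$")

def parse_report_link(url):
    """Return (sha256_hex, scan_time_utc) for one report link."""
    m = REPORT_RE.search(url.strip().lower())
    if not m:
        raise ValueError(f"not a recognised report link: {url!r}")
    return m.group(1), datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)

def group_by_file(urls):
    """Map each file hash to the sorted, de-duplicated scan times seen for it."""
    groups = {}
    for url in urls:
        digest, when = parse_report_link(url)
        groups.setdefault(digest, set()).add(when)
    return {digest: sorted(times) for digest, times in groups.items()}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches_report(path, url):
    """True if the local file is byte-for-byte the file the report refers to."""
    return sha256_of(path) == parse_report_link(url)[0]

if __name__ == "__main__":
    for digest, times in group_by_file(THREAD_LINKS).items():
        print(digest)
        for t in times:
            print("  scanned", t.isoformat())
    if len(sys.argv) > 1:  # e.g. a copy of aswSP.sys taken from the drivers folder
        print("local file matches report:", matches_report(sys.argv[1], THREAD_LINKS[0]))
```

A report is keyed by the file's content, so the name shown on the results page says nothing about which file was scanned; comparing the local hash with the one in the link does.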