Starting today, every 2-5 minutes Avast is letting me know that it’s secured whatever threat this is:
aborted connection to 1d.tlu.dl.delivery.mp.microsoft.com
because it was infected with Win32:Malware-gen
WHAT DOES THIS MEAN?! and why can’t I have even 6 minutes of peace?
Help, please and thanks!
I have the same problem !!
why can't I have even 6 minutes of peace?
Because something on your system is trying to connect to that URL, which for some strange reason Avast considers malicious.
A Google search on that URL returns many hits - https://www.google.co.uk/search?q=1d.tlu.dl.delivery.mp.microsoft.com - do any of them ring a bell.
Description. *.tlu.dl.delivery.mp.microsoft.com. HTTP. Used to download operating system patches, updates, and apps from Microsoft Store.
So it looks like some of your apps from the Microsoft Store are phoning home looking for updates.
A screenshot of the Avast Alert window with the More Details option expanded could help determine what is making the connection and which shield is alerting. Attach it to your next post using the Attachments and other options link below the reply window (see mine, click to expand).
Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
I have reported this to Avast by another means for investigation, but it won’t hurt to use the link I gave in my last post to report it as a possible false positive.
I’m not currently seeing this but I haven’t downloaded any programs or apps from the Microsoft Store.
Thanks David
Attached is a screen shot of the message I’m receiving.
My popup is exactly the same as peter.k’s when expanded. I don’t know what app it could be, but is there a way I can make it stop popping up? Can I tell Avast that it’s not a threat?
You’re welcome.
Given it is initiated by svchost.exe a Windows System file which should be digitally signed it is likely to be a False Positive and you should report it using the link I gave.
I Have to say that the latter part of the URL information is strange to me YourPhone.Contracts.Fre.winmd, does it ring any bells for you ?
The URL in your alerts is slightly different to the OPs post ‘1d.tlu.dl.delivery.mp.’ were yours is ‘2.tlu.dl.delivery.mp.’ possibly indicating a different app/function. However the OP hasn’t posted any screenshots.
Given what I said in my reply to peter.k there is a slight difference in the initial part of the URL, so I would suspect that the later part of the URL /filestreaming/service/files will also be different. However it is the initial URL path that is causing the problem and you should also report this as a possible false positive.
I’m seeing the same alert, as I’m sure many others are who haven’t reported it. Can someone from Avast acknowledge that this is a false positive and that it will be fixed with a new signature update (and soon)?
Using the link given is the best way to report this (the more the better, the squeaky wheel gets the oil) as it goes to the virus labs rather than hope that one of the avast team sees this topic.
Using the link given is the best way to report this (the more the better, the squeaky wheel gets the oil) as it goes to the virus labs rather than hope that one of the avast team sees this topic.
Done
But I’m still concerned.
Maybe its a false positive, but at the same time I’m suspicious of the word “Contracts” at the end of the URL. This should probably be “Contacts”. Its the kind of spelling error often seen in scam documents of “non-English speaking” origin.
Now I know this might seem random but here is a quick idea that I think has helped me narrow down what is causing this issue.
At this point you should notice that the “Your Phone” app is refusing to update and it triggers the issue that we are noticing. It would appear that this is being caused by the interaction between Avast and the Your Phone app. More than likely this is a false positive. If it wasn’t Microsoft would have made an egregious error as if I am not mistaken the Microsoft Store automatically updates some of the apps that come with Windows. Are you folks running free or premium Avast is the next question?
I got similar message which pops up every few minutes. Reported it to Avast.
Been having the same issue and can confirm as per GreenMachine post that it is the my phone app. ive got silent mode running for now untill Avast takes a look at the issue.
ive also reported a false positive as per DavidR first suggestion.
glad im not the only one with the issue, as its been a long day and the only search results were either from two to five years ago and I was about to lose it.
Hello,
thank you for the report. It is false positive, we will fix it.
Milos
I had the same problem yesterday. For hours, Avast, every 10 or 15 minutes, popped up saying that it had blocked Win32:Malware-gen from a windows app which appears to be something Windows based like an app or a widget. But, I can’t figure out how to get rid of it… Today, it’s not popping up yet so maybe it resolved itself. I wish you could turn off the warning in Avast at least…
Read the post above yours, it was confirmed as a False Positive.
This would likely have been fixed fairly promptly and delivered automatically in a Virus Definitions > Streaming Update.
You can stop this, by adding an Exception for the URL location - However this comes with a strong warning, you have to realise there is a risk in this and you have to be 100% sure it is a false positive. Or it could cause serious problems.
Here is the response from Avast:
The reported URL was checked by Avast virus specialists and based on the findings the detection was removed. The website is now marked as clean in the Avast virus database. This change may take up to 24 hours to take full effect. Please accept my apology for the inconvenience caused.
If the detection persists after 24 hours, please update the Avast virus database and reply to this email with attached files:
Suspect that this isn’t a false positive.
Used PowerShell to uninstall ‘yourPhone’ from all accounts on a machine experiencing this symptom.
Symptom persisted until Avast quarantined the causal files.
Command used to uninstall was: Get-AppxPackage Microsoft.YourPhone -AllUsers | Remove-AppxPackage
Machine rebooted after PS uninstall.
This did not stop the symptomology.
Recurred every 12 to 13 mins when machine online and then all at once when machine taken offline then placed online.
Avast, please look into this.
They did look into it, this reply is from one of the Avast Virus Labs Team.
If you look at the images in Reply #4 the action was initiated by svchost.exe
Your comment that after this removal action the alerts didn’t stop, doesn’t support it not being an FP. Ensure that you have the latest Virus Updates and check if it continues.
If it does take a screenshot of the Avast Alert and attach it.