CTCMSu.exe runs the Creative MediaSource Player and it keeps coming up as a Win32:Malware-gen through Avast. I just checked Jotti’s malware scan and the results showed Avast and G Data were the only two virus protectors having a problem with it (I even reinstalled the Creative software and it still came up as malware). When I disable Avast, I can run CMSP, but when I enable Avast, it alerts me and keeps me from using it. I believe it’s a false positive.
Same with Microsoft Works 2003: “msworks.exe” also shows “Win32:Malware-gen” even though I have restored it from the original installation DVD.
Let’s wait for the next Virus Database update.
Me too: “CTCMSu.exe” is coming up as “Win32:Malware-gen”. I was having a similar exercise with another Creative file yesterday (CTRegSvr.exe) and had just convinced myself it was all a false positive to do with the Win32:Malware-gen detection, when I did a just-in-case scan and this blew up. I am not savvy enough to sort out the version of the ‘infected’ file, but am starting to get worried that the Win32:Malware-gen detection needs sorting. A look at the index shows at least 7 threads on the subject of Win32:Malware-gen detection, most of which seem to indicate a set of FPs associated with it. For information, it also comes through in the restore points as the same file.
My basics are:
XP Home SP3
AVAST 4.8 Home
ZoneAlarm
Spybot S+D
You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here by posting the URL from the Address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.
avast4 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
avast5 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
Yes, I’ve checked it out at VT, same result as with audioconverter.exe yesterday: only Avast and GData are reporting it as infected, and I believe GData may use Avast to scan anyway?
GData uses avast as one of its two scanners, so it counts as 1 detection and is almost certainly an FP.
Send the sample to virus (at) avast (dot) com, zipped and password protected, with the password in the email body; a link to this topic might help, and put “false positive” in the subject.
avast4 - Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
avast5 - Send the sample to avast as a False Positive:
Open the chest, right click on the file and select ‘Submit to virus lab…’, then complete the form and submit; the file will be uploaded during the next update.
Thanks to everyone for the speed of response at the weekend. Saved a couple of sleepless nights waiting for confirmation, and system now scans clean with the FP files reinstated.