Different AV-Engines reporting Avast-Files as Virus !

Hello,

different Anti-Virus-Engines reporting Avast-Files as variant of tedy.

For example Emsisoft - attached a sample of the report file.

C:\Program Files\Avast Software\Avast\defs\23092204\aswJsFlt.dll erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\setup\vps_binaries-1194.vpx → (Embedded EXE g) erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\x86\aswJsFlt.dll erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]

You can find a confirmation for this on Virus-Total, too.
Hash to analysis: 69a766e623ef95e183884d32442018a0d2ef2e74d1fc63639e4b9ac41f016552

Is the reason the Engine by itselfs ?

https://forum.avast.com/index.php?topic=211973.0

Sorry, that’s not helpful.
I am using the Emsisoft Emergency Kit (not full installation).

There is nothing strange here, it is a Classic conflict that happens when Running multiple security programs

https://www.kaspersky.com/blog/multiple-antivirus-programs-bad-idea/2670/

It was a false positive from Bitdefender which has been fixed now. Besides, those are not different engines. There are quite a few products that use the Bitdefender engine. So when there’s a false positive with Bitdefender, it will result in many detections in Virustotal.

The hash was processed by Bitdefender so in Hitman Pro it should no longer be seen as malware.

Thanks. Emsisoft confirmed whitelisting today.

I am pulling these up on my Emsisoft scan as well. The scan is still in progress but so far I’m getting two instances of Gen:Variant.Tedy.381197 (B) and are being flagged under their Malware category.

For some context, I’m not using a full Emsisoft installation or protection either, just their Emergency Kit scanner. I have used this for two years on and off, which I have had with Avast running Real-time protection, and this is the first time it has pulled these two instances up. So I don’t think this is a case of having two “conflicting” AV apps as some are suggesting.

So even if these are false positives, is it ok to delete these files? Would deleting them cause Avast to malfunction? Or would Avast just re-download these files again after a definitions update?

What would you expect when (if you are getting the same location as the OP) scanning the virus signature files is likely to produce the same issue.
It is essentially still a conflict, avast also has low level drivers to be able to actively inspect files, etc. these actions could well be considered suspect.

So it isn’t just running two resident scanners, but when scanning Avast files and locations could result in a false positive. So you have to look at the location and file and ensure it isn’t Avast Antivirus related.

Why the hell would you want to delete Avast files (and screw with your avast installation) if they are essentially false positives.

I don’t trust Emsisoft since I’ve used their Emergency Kit scanner in the past, and it’s not very reliable in detecting malware, PUP or any other type of virus side by side with Avast.

I strongly prefer MalwareBytes (MBAM) side by side with Avast, MalwareBytes has been very reliable for years in detecting malware, PUP or any other type of virus side by side with Avast.

Ok, but that still doesn’t explain why these EEK results are happening now. Like I said, I’ve used EEK as a supplemental tool for two years now, with Avast Free on my computer that whole time, and this is the first time I have produced these scan results. There’s also the fact that it isn’t identifying every .dll file in the Avast folder, just that one (aswJsFlt.dll) in particular. So, maybe there’s an issue with that particular file? Maybe it would be replaced in an update? I also did a clean install of Avast two days ago for unrelated reasons, so perhaps something went wrong in the installation process, etc. There are plenty of reasons why it would show up on a different virus scan aside from “don’t have two AV software installed.”

I have used MalwareBytes in the past (like early 2010s) and liked it, but over the last few years a full C drive scan took anywhere between 16-20 hours to complete, so I stopped using it for that reason.

You need to exclude files into your malwarebytes and avast to avoid conflict issue side by side, see attachment FYI

https://i.postimg.cc/4dndthYC/MBAM.png

https://i.postimg.cc/26J5x8W1/MBAM1.png

Sure but I don’t know if that’s the reason to it taking long.

Trust me, I had the same similar issue.

Just to show people what I mean, here are the two results from two scans using the exact same parameters less than 10 months apart. The one today was aborted but that one picked up the avast files and flagged them as Malware, the one that was completed did not.

This really is a question you should ask of Emsisoft and or reported to them as false positives.

Agree or don’t use it.

I have indeed emailed Emsisoft about this, as I noticed something interesting.

So, as an experiment, I uninstalled Avast using the clear tool and ran the same Emsisoft Emergency Kit (EEK) scan that found the “malware.” Nothing was found, which was expected.

Then I re-installed Avast and after a restart to load my settings file, I re-ran that same EEK scan with the same parameters, and nothing was found. I checked to see if the specific .dll file was still in the Program Files\Avast Software folder, and it indeed was in the same places under the ‘defs’ and ‘x86’ subfolders.

So I ran another EEK scan just of that Avast Software folder a couple of times, and it found nothing. Ok, cool.

But then I think maybe the EEK software remembered me skipping those two files in the first place, and maybe took that as me treating them as false positives (EDIT: I have been informed by Emsisoft that this is not the case. If a scan picks something up and you ignore it, it’ll show up again on the next scan). Probably not the case, but to be safe I deleted the EEK folder I had, and then got their Emergency Kit file to extract their files again on my computer (EEK doesn’t install on your computer, it just contains itself in a folder with the files you need). I re-ran the scan on the Program Files\Avast Software folder using EEK, and it came back clean.

Then Avast asked me to restart my computer with a pop up. So I go “uh oh” and restarted. I let my laptop sit while I went to a medical appointment, came back and ran the same EEK scan on the Program Files\Avast Software folder, and it found nothing.

So either Emsisoft’s Emergency scanner had a hiccup that one time, it remembers me skipping those files still and treats that as false positive (even though I didn’t mark them as such), or Emsisoft fixed the issue on their end with an update over the last 24 hours or so.

Thanks for reluctantly following me on this journey so far.

A journey it has been, but hopefully you won’t fly into a panic if you run another AVs on-demand scan and it detects something of your Avast on-access scanner.

You should also remember that Avast being an on-access (active) scanner, it is also going to be scanning the Emsisoft activity. So there is potential for conflict even if Emsisoft isn’t installed.

Another update on this. I had to uninstall and re-install Avast last night (long story, not relevant), and out of curiosity I did another scan of the Program Files\Avast Software, and it pulled up the same three instances as aswJsFlt.dll file as Malware. But then I did a repair on Avast (both through the app itself and using the Uninstall feature), ran the scan again (didn’t even restart my computer) three times and it didn’t pull up any results.

So it’s possible that it has to do with Avast’s installation being ‘broken’ or going haywire upon installation. I don’t know.

EDIT: Nope, nevermind. I deleted my EEK folder and re-extracted the files again from its ‘installer’ and ran it again and it shows those files as ‘malware’ again, and then when you close and re-open the scanner, it doesn’t show up on the results.

Yeah…I think I might be done with Emsisoft’s Emergency Scanner.