I use calc.exe (the Windows XP calculator) almost daily, but yesterday Avast detected it as a malware:
Win32:Malware-gen
Should it be a false positive?
Best regards
Marcelo
I use calc.exe (the Windows XP calculator) almost daily, but yesterday Avast detected it as a malware:
Win32:Malware-gen
Should it be a false positive?
Best regards
Marcelo
Most probably. I mean, check it first at www.virustotal.com
Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
I´ve used VirScan, but VirusTotal returned the same results. But in fact, I still don´t know what does it means. Two entries (Avast included) said it´s a malware. Is it a malware, or it´s not?
Follows VirScan summary output:
VirSCAN.org Scanned Report :
Scanned time : 2009/10/12 12:35:43 (ACT)
Scanner results: 5% Scanner(2/37) found malware!
File Name : calc.exe
File Size : 115200 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ff2db66b40ac1b9ac5a5c99fdf7c9829
SHA1 : fc41c24ac39c225be6e236363f11f836adb8f881
Online report : http://virscan.org/report/3278af835b1d2a7455baed2fd65eb4da.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091013010332 2009-10-13 4.02 -
AhnLab V3 2009.10.12.04 2009.10.12 2009-10-12 0.83 -
AntiVir 8.2.1.35 7.1.6.101 2009-10-12 0.06 -
Antiy 2.0.18 20091012.2993830 2009-10-12 0.12 -
Arcavir 2009 200910121608 2009-10-12 0.06 -
Authentium 5.1.1 200910121509 2009-10-12 1.38 -
AVAST! 4.7.4 091011-0 2009-10-11 0.01 Win32:Malware-gen
AVG 8.5.288 270.14.11/2430 2009-10-12 0.41 -
BitDefender 7.81008.4335959 7.28273 2009-10-13 3.72 -
CA (VET) 9.0.0.143 35.1.7060 2009-10-12 7.76 -
ClamAV 0.95.2 9881 2009-10-10 0.03 -
Comodo 3.12 2586 2009-10-12 0.72 -
CP Secure 1.3.0.5 2009.10.11 2009-10-11 0.07 -
Dr.Web 4.44.0.9170 2009.10.12 2009-10-12 5.53 -
F-Prot 4.4.4.56 20091012 2009-10-12 1.37 -
F-Secure 7.02.73807 2009.10.12.07 2009-10-12 0.13 -
Fortinet 2.81-3.120 10.935 2009-10-12 0.24 -
GData 19.8355/19.507 20091012 2009-10-12 4.92 Win32:Malware-gen [Engine:B]
ViRobot 20091009 2009.10.09 2009-10-09 0.47 -
Ikarus T3.1.01.72 2009.10.12.74056 2009-10-12 4.12 -
JiangMin 11.0.800 2009.10.08 2009-10-08 4.30 -
Kaspersky 5.5.10 2009.10.12 2009-10-12 0.10 -
KingSoft 2009.2.5.15 2009.10.12.21 2009-10-12 0.61 -
McAfee 5.3.00 5769 2009-10-12 3.35 -
Microsoft 1.5101 2009.10.12 2009-10-12 6.26 -
Norman 6.01.09 6.01.00 2009-10-12 4.01 -
Panda 9.05.01 2009.10.12 2009-10-12 1.65 -
Trend Micro 8.700-1004 6.534.02 2009-10-12 0.03 -
Quick Heal 10.00 2009.10.12 2009-10-12 1.25 -
Rising 20.0 21.51.04.00 2009-10-12 0.89 -
Sophos 3.00.1 4.46 2009-10-13 2.42 -
Sunbelt 5443 5443 2009-10-11 1.78 -
Symantec 1.3.0.24 20091012.002 2009-10-12 0.05 -
nProtect 20091012.02 5794481 2009-10-12 7.51 -
The Hacker 6.5.0.2 v00039 2009-10-12 0.83 -
VBA32 3.12.10.11 20091012.1122 2009-10-12 2.10 -
VirusBuster 4.5.11.10 10.112.66/2003935 2009-10-12 2.42 -
Can you please send us the file?
Thanks.
this problem should be already fixed with the latest VPS…
Ok, thank you !