False Positive

Here we go again!!! Avast showing 2 dll files which are part of Epson status monitor as having Win32:malware gen. This after last update (current VPS version 091216-0). Files in question are EBAPI4.DLL & E_FBA6FIE.DLL ???

Did you submit these files as false positives?

Not yet, just found out in the last 5 mins, thought I would give you guys a heads up first.

You could also confirm or deny the detection by checking the offending/suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Already checked with VirusTotal; only Avast is flagging an alarm after submitting a rescan.

Hmmm…I have ‘EBAPI4.DLL’ and it scans clean… ??? With VPS 091216-0
(even on VT)

Where is your one located?

C:\Windows\System32\spool\drivers\w32x86\3

Wife's laptop has just received the VPS update and is showing a virus alert too.

Further info for you guys: file version for EBAPI4.dll is V5.15.0.0. Hope that helps (printer only 1 month old) :)

To fix the problem, we need that file… so please use the “Report as false positive” link in the virus warning window to submit the file (or, you can pack it into a password-protected archive and send it by e-mail to virus@avast.com, together with the password).
Thanks.

Yeah I have this problem too…all these files are being flagged as false positives:

"Win32:Malware-gen" has been found in

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBA6FJA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBAPI4.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBAPI4.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EBPBIDI.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBA6FIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBAPFIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBAPFJA.DL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBL6FIA.DLL

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FBL6FJA.DLL

I already sent them in for analysis, but I have no idea what the program version is…as the Epson printer suite contains like 3 different pieces of software…one to manage fax, another to manage network printing, and another to manage some other stuff, but I can say I just bought this printer (an Epson WorkForce 610) last week, so it is very new.

I have a theory why this is happening though…When you install this printer, it gives you the option to install either network or USB drivers. Of course, being a wifi printer, I installed and am using the networking drivers. Thus, this might be one reason behind the files being flagged as a trojan (trojan being something that operates over a network)?

I have just encountered this problem

Hello,
thank you for the notice. A fix for the false positive will be released soon.

Milos

Same thing happening here. What has happened to avast! Once is an unfortunate mistake, twice is sheer incompetence.

Hi,
sending the same useless post doesn’t help fix the false positive.

Milos

As the original poster I would like to thank the Avast team for their quick response, and for all those that complain, do you use Windows? Try dealing with Micros*$t ;D

Ahhh…That would explain the difference in scanning…my version is 5.11.0.0

Thanks so much for this thread! I had gotten the same threat message earlier when I powered up my laptop. It claimed 15 infected files when I know I hadn’t downloaded or received any suspicious emails. It was only after I checked this post that I realized that all the files were associated with my Epson all-in-one.

I’m not all that computer savvy, so I have just left these files in the virus chest for now. When the fix is done, is there a way to restore them from the chest? I hardly use the printer right now, but is the fact that they are in the chest going to affect the program’s functionality? I’m really clueless here, so any advice would be a great help…

Additionally, a few of these files have also been flagged as Win32: Trojan-gen. They are also associated with my Epson printer. Has anyone else had this happen?

Ensure that you have the latest VPS update as there should have been a correction on these.

Scan the files in the Infected Files section of the Chest again and if they come up No Virus, then right click on the file and select Restore. That sends the file back to the original location; a copy remains in the chest. Confirm that the file is in the original location and delete the copy in the chest.