Favorite game suddenly got infected.

I have had Age of Empires 2 Conquerors Expansion installed on my computer for almost a year. It was running in good condition until today, when avast suddenly blocked its .exe file and moved it into the chest, saying that it is infected with win32 malware-gen. What should I do?

Here is the log from Malwarebytes Anti-Malware:
Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8090

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/6/2011 1:35:33 AM
mbam-log-2011-11-06 (01-35-33).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 269758
Time elapsed: 34 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the log for my CD, where avast blocks the .exe file too.

Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8090

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/6/2011 1:43:22 AM
mbam-log-2011-11-06 (01-43-22).txt

Scan type: Quick scan
Objects scanned: 5815
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

You could also check the offending/suspect file at VirusTotal (a multi-engine online virus scanner) and report the findings here; post the URL from the address bar of the VT results page. You can’t do this with the file securely in the chest; you need to open the chest, right-click on the file, select ‘Extract’ and extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

Here is the report from VirusTotal

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: b1b52d891550029adefd6a0a5c33ecbe
Date first seen: 2008-05-01 07:30:12 (UTC)
Date last seen: 2011-11-05 22:51:17 (UTC)
Detection ratio: 0/43

http://www.virustotal.com/file-scan/report.html?id=f6c331dd78f5f8a63fbc08f49963733623482c4bd017bfc6426c6971d139a5d1-1320574245

That one was the result when I made the reanalysis.
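Added example, not part of the original thread: a "File already submitted" report only says something about the quarantined file if it was produced for the same bytes, so this sketch compares the hashes of the file extracted to C:\Suspect with the MD5 and report URL posted above. It assumes the `id` parameter has the form `<sha256>-<unix time>`, which is what the posted URL suggests; the function names are illustrative.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# Report URL and MD5 exactly as posted in the thread.
REPORT_URL = ("http://www.virustotal.com/file-scan/report.html"
              "?id=f6c331dd78f5f8a63fbc08f49963733623482c4bd017bfc6426c6971d139a5d1-1320574245")
REPORT_MD5 = "b1b52d891550029adefd6a0a5c33ecbe"


def parse_report_id(url):
    """Split the id parameter into (sha256_hex, analysis_time_utc).

    Assumption: the id is <sha256>-<unix time>, as in the posted URL.
    """
    ids = parse_qs(urlparse(url).query).get("id", [])
    m = re.fullmatch(r"([0-9a-fA-F]{64})-(\d+)", ids[0]) if ids else None
    if m is None:
        raise ValueError("no <sha256>-<timestamp> id in URL")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when


def file_digests(path, chunk=1 << 20):
    """Hash the file in chunks so a large executable need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def report_matches_file(path, url, report_md5=None):
    """True only if the report was produced for exactly these bytes."""
    want_sha256, _ = parse_report_id(url)
    got_md5, got_sha256 = file_digests(path)
    if report_md5 is not None and got_md5 != report_md5.lower():
        return False
    return got_sha256 == want_sha256


if __name__ == "__main__":
    import sys
    # Usage: python check_report.py C:\Suspect\<extracted file>
    ok = report_matches_file(sys.argv[1], REPORT_URL, REPORT_MD5)
    print("report matches file:", ok)
```

A mismatch means the 0/43 result belongs to a different build or copy of the executable and says nothing about the file avast flagged.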

Looks clean. (Also avast! doesn’t detect it.)
Is the problem gone…??

I tried returning the one I had placed in the Suspect folder to its original folder. I scanned the whole folder and it didn’t show any infections. Is it possible that avast falsely detected it as malware?

Yep, it seems that this was just a FP.

Ok… Btw, thanks for the help davidR and Asyn.

You’re welcome…!

You’re welcome.

So this just happened to me. Besides my weekly full scans, I just rescanned the Steam directory, and it came up clean.

  • What does ‘FP’ mean?
  • If I add an exception and later that directory does indeed get a bug, will Avast! ignore it and let the bug operate? Is there a better option than adding an exception?

@ zq84trex

  1. FP = False Positive detection.

  2. Not entirely sure what you mean by ‘bug’ - do you mean virus/malware detection?
    If bug is virus/malware, avast would alert and not let it run.
    If it is an FP (and you have to confirm that) and you correctly add an exclusion, avast would ignore it because you have set an exclusion.

Making an exception should be on the lowest level, e.g. on the full path to the file, not to the complete folder, as that could put you at risk.

A better way, if you consider it an FP, is to submit the file to the virus labs for analysis and correction of the virus detection (signature). That way not only you would benefit, but all users using that same file.