File suddenly detected as Malware

SLIC_Dump_ToolKit.EXE v2.2 was suddenly detected as Win32:Malware-gen.
This did not happen a few weeks earlier; avast did not detect this file as malware. I just installed avast home on my PC, with auto update on.
When I ran this program yesterday, avast home considered this file malware.
Doing a full scan, avast did not find anything on my system.

The tool developer said “Some anti-virus software maybe report as a “virus” sometimes for I use chinese “E language” to program”.

The question is: why, when I ran this program a few weeks earlier, did avast not detect it as malware in the first place?
If this file is really dangerous, of course, my system was badly infected, and surely it’s too late to clean up.

Btw, the latest version of the program is out, and avast did not consider this file as malware. Is it possible avast will detect this file again as malware after a database update a few days / weeks later?

New signatures are constantly added and generic signatures (of which this is one) are tweaked, both of which could result in a file not previously detected being detected. The generic signature (the -gen at the end of the malware name) is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

You could also check the offending/suspect file at VirusTotal (multi-engine on-line virus scanner) and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Oops, sorry, I forgot, I already uploaded it to VT yesterday:
http://www.virustotal.com/analisis/ae9254a92b4829153473096015f3213f63723310828aafdb880ac1dd1e2e7aec-1257264659

It appears you have an online game password stealer. You better change your passwords. Plus you need to get a third-party firewall: PC Tools, Online Armor, and Zone Alarm.

Download and run MBAM.

Which tends to support the avast detection. Now if, as you say, avast doesn’t alert on the latest version of this file, then perhaps what was found to be objectionable has been removed, edited or modified, etc.

I would also suggest uploading the latest version of this file to VT to see if any other scanners find it suspect. Add to that, follow through on the suggestions given by Jtaylro83.

Thx for the replies :smiley:

The tool developer said “Some anti-virus software maybe report as a “virus” sometimes for I use chinese “E language” to program”.
Maybe because of this?

Here is the latest version:
http://www.virustotal.com/analisis/396f1d84b8714a2754b052f5d262c4c177bf68c5ff73f3359aa6c346d800b766-1257348944

Hi avast junkie,

If you have the virus/malware sample, please submit it to us at support@ppinfotek.com as a .zip file protected by the password "virus" to get local avast support from us as the Indonesia representative. Alternatively, you could also submit it to virus@avast.com.

Anyway, if you are using E Dictionary for the Chinese language, it would probably be infected by malware, which I have faced before.
It could be a fraud application that was silently installed on your system.

But to make sure, you could use Malware Bytes to scan your infected system.

Thanks, at least on this one avast isn’t shown as detecting it on version 4.8, so a small relief for you. So I don’t know if submitting it, as suggested, would still be worthwhile, as avast is no longer detecting it according to the VT results. The VT results also now stand at only 7 detections (rather than 14 before) for the new version. However, all but one of those are either heuristic or generic detections that are more prone to FP.

MBM result: no malicious items were detected on both versions.
This tool is simply to display information about the motherboard BIOS, so I very rarely use it.
Thnx all for the replies, I really appreciate it.