Various PCs on our network just started reporting this file from within an MS Office .CAB file as infected, the same file from previous backups also now reports as infected even though it wasn’t a few weeks ago. (the files themselves are the same)

C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\L2561412.CAB\FINDER.EXE - Win32:Malware-gen
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\L2561412.CAB\FINDER.EXE - Win32:Malware-gen
C:\Windows.old\Windows\Installer$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FINDER.EXE - Win32:Malware-gen

finder.exe is a Microsoft Office Advanced Find Facility. Find out what finder.exe is doing on computer, whether it’s safe, info on related errors and how to …

False positive I think

There is same case
http://forum.avast.com/index.php?topic=69024.0

So If you think that it’s FP too do this

A regular scan won't be opening archive files, which a .cab is so no it wouldn't find anything in the pre-defined Quick or Full scans.

Archive (zip, rar, cab, etc.) files are by their nature are inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast’s Standard Shield should have scanned them and before an executable is run that is scanned.

How big is the .cab file ?

You could also check the offending/suspect file (if it doesn’t exceed 15MB maximum, see ~~~) at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

If it is over 15MB or the current max size, I don't know if you would be able to extract the FINDER.EXE file from the L2561403.CAB cabinet file. You could then upload that.</blockquote>

Avast Server Edition is also detecting a virus in finder.exe on our server. We have the latest Avast updates:

Program version 4.8.1110
VPS version 110109-1

I have moved the file to the Chest and, from there, submitted it to Avast for analysis.

Hello,
send us (virus@avast.com) the file to analyze, please.

Milos

File sent.

Hello,
thank you for sending sample. False positive will be fixed in next VPS update.

Milos

Also having this issue on a client’s server. Detection is the same file location as mentioned at the beginning of the topic. Reported as Win32.Malware-gen. Thank you for submitting the file for analysis.

Hello,
is it still detected with current VPS (110111-0) ?

Milos

I’ve not had any issues with this lately but I cannot verify that FINDER.EXE is still being reported as a false-positive. Unfortunately, I’ve got a long list of greater concerns for that server at the time. I have faith in avast’s team to address the issue though and wouldn’t be surprised if it was indeed addressed at this time.