When I was doing a weekly scan, FSS.exe was detected by Avast as Win32:Malware-gen and sent to my virus chest. I believe this is the Fubar Service Scanner and could be a false positive?
Hi Lonnie2,
Go to the virus chest and right click on the detected file, then press submit to virus lab! Then choose False Positive, enter all the info you can and click on the submit button. Then go to maintenance and click on VPS update (i.e. a manual database update); the file will be submitted.
BEFORE DOING THAT COULD YOU UPLOAD THE FILE TO VIRUSTOTAL AND PUT THE LINK HERE?
spywar
See this
Thanks for the reply. How do I upload the file from the virus chest to virustotal?
First restore it (right click, restore), then locate your file and upload it here (https://www.virustotal.com/en/)
You can submit it from chest (see my comment above)
spywar
that was an old scan…see date
here is a new fresh download from Essexboys guide
https://www.virustotal.com/nb/file/c07d4de0b4986e67ae04a03aa7813199e8da77680e900e6f54ea44ac70fbbeaf/analysis/1361740700/
First seen by VirusTotal
2013-02-20 08:15:18 UTC (4 days, 13 hours ago)
anyway many of the tools used by the removers have viruslike behavior so it is not uncommon that they are detected
many cases here last year where avast detected every new update of OTL as malware
As you said this was not a “fresh scan”, you did it a while ago… Maybe avast! had already fixed it? You should make a scan from the chest: right click, Scan.
Hi spywar,
Easy to say this but first you have to establish what variant of the executable (hash and download source) and whether it is a secure variant: http://f.virscan.org/fss.exe.html
polonus
I’m a little confused, because the Avast full system scan was just done earlier today (2/24/2013 8:00:10 AM virus found), as I have it set up to do a weekly scan every Sunday. After I restored the FSS.exe file, I tried opening it, and it was moved to the virus chest once again, so I know it’s not fixed. Should I still submit it to Virus Lab as a false positive?
Yes.
Clean
Yes, it could be a FP, but some have a generic detection for this: UDS:DangerousObject.Multi.Generic, Trojan.Autoit.Wirus, Trojan/Win32.Chifrax.gen, TROJ_GEN.F47V0808.
This could mean that something in the protection compiler or packer detection makes this executable fall in the category riskware or PUP,
or this could mean a legit false positive… and according to essexboy that is what it is…
polonus