Malware help please

Hello I was wondering if any one can help with this annoying issue. Anyways I have enjoyed Avast for 2 years now and was always able to get out of a pickle until now.
I recently did a scan on my 64bit Toshiba dual core with 4gb of memory, 250gb of hard drive which included Vista home premium OEM.
Well every thing was fine until Avast detected this;
Windows\SysWOW64\cselect.exe infected with Win32:Malware-gen

I assume that this cselect.exe is a system file of some type.
I tried to repair it. Got an error 5 the same with trying to dump it into the chest. Can’t do either. :frowning:

So before I did any thing drastic like trying to do a system restore point est I thought I listen to your suggestions.

Any help would be appreciated but please have clear directions that I can follow. Also most appreciated.

Thank you. :slight_smile:

Hello,

Google says the file is related to toshiba. So for us to come to any conclusion whether file is benign, you need to do this :

Check the offending/suspect file at: [url=https://www.virustotal.com]VirusTotal[/url] - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below. If you haven't sent the file to chest, directly upload the VT and post the result here.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder.

nmb

Thanks for helping me out. Just thought I mention that. :slight_smile:

Any how followed all your instructions so far and here are the results.

https://www.virustotal.com/analisis/9144e5a973853ef985d26cd4a5171d19c0d10667aed655b9aecc80f89bf8d73d-1275400202

Just let me know if I should put that exe in to that folder.
Thanks a bunch. :slight_smile:

So no detections in VirusTotal…so if you scan it again with your avast what result do you get ?

Avast still detects a contamination. ???

The only purpose of putting the .exe file in that suspect folder is to allow update to virustotal without avast alerting, etc.

The strange thing is that there are no detections, even avast, so it looks like this was a false positive detection that has been corrected in the 100601-0 virus definitions update. So if you have it in the avast chest, scan it again and if clear you can Restore it to the original syswow64 folder location.

Edit: Since you say avast still detects it, ensure that you have the latest version of the virus definitions and scan it again.

and you have the latest avast virus file 100601-2 ???

http://www.avast.com/en-eu/virus-update-history-2010

Ok just did a scan again. Every thing checks out a-ok now.
Go fig. :smiley:

Thanks every one for your help.

Another monkey of my back. 8)

You’re welcome.