Today, my avast! prompted with a virus warning (Win32:Malware-gen) while I was browsing the Internet. It was located in C:/Program Files/PACKARDBELL/Packard Bell Recovery Management/eRecovery (a Backup Recover program from Acer; it was here from the first time I turned on my computer), and it was never detected by avast! (I made a scan two days ago). The file was last modified in 2008, and I wasn’t manipulating it when the alert window opened.
Can it be a false positive? I uploaded it to VirusTotal and only avast! and GData detect the same thing; the others don’t detect anything.
Most likely a false positive, since GDATA also uses avast! detection engine, so this is probably the same detection.
Do you still have the virustotal link?
A post by DavdR on the ‘-gen’ suffix:
To report a false positive:
You could also send the file in a password protected archive to virus(at)avast(dot)com with ‘potential false positive’ in the subject line and the password in the email body.
or
You could add the file to the user files of the virus chest and send it from there:
Right click avast icon in taskbar → click start avast antivirus → right click scanner background → click virus chest → navigate to user files → click add files → right click file → email to alwil software.
NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending).
You could also add a link to this thread and some more information when you do.
I’ve sent the file to avast! with the chest’s email tool. Now I must only wait.
The problem is… why did the window appear on screen? I didn’t touch the file, nor the folder, and I wasn’t scanning at that moment. Does avast! do background scanning?
In answer to your question, I’d imagine that it was scanned as it was executed, by the standard shield (a resident scanning component of avast!):
It is a backup program and is probably running to back up your computer, and is (a bit of a guess here) probably scheduled to run at a certain time, so when it is started it is picked up by avast!
It doesn’t matter when it actually runs, but it is more about when the detection is added to the database. In this case, the database update to 091011-0 added this (hopefully false) detection to the database.
I have a similar problem. Avast detected the file Hidchk.exe in the C:\ProgramFiles\Acer\eRecovery directory as malware-gen. After I blocked it by sending the thing to the Virus Chest, it repeats whenever you try to reinstall the eRecovery application from the Autorun.
I do not think it is a false positive. Several days ago, the pointer was unstable, and from time to time a web page appeared that was not previously requested by me. I think avast is able to detect the problem in the Hidchk.exe file, but cannot detect the script that is producing or creating it, which may be in another file. (Note that for me it happens whenever I try to re-install the eRecovery application from the Acer eRecovery Management Application by using the option to reinstall drivers and controllers.)
Hope avast was able to detect where the installer of the virus is.
Hi,
I have the same problem: Avast has detected Win32:Malware-gen.
The first was detected yesterday in C:\programfiles\Acer Empowering Technology\eRecovery\Hidchk.exe. I tried to delete it but it came back, so I put it in quarantine.
The second was detected in C:\ACER\game zone console\Game builds\acer_setups_italian_. I have deleted all the acer game zone console (I don’t use it).
So what is it, real malware or a false positive?
I have sent an email to Avast for the first one with the update.
My technical English is not good, so be kind.
Thanks
Do you have a user backup copy of your computer? Unfortunately, I did not make mine.
If I had, I think I would recover all of the ACER Empowering Technology from it.
I ran Avast, and everything appears clean, but nonsense web pages and things like that suddenly appear.
I have used another tool (Adaware) and it has detected two new Trojans (with a TAI, Threat Assessment Index, of 10, which is, I suppose, very high). The infected files (two Acer games, Big Kahuma Reef.exe and Bricks of Egypt.exe, are now in quarantine), so I am happy, but after this…
I do not know how, but the Google Gadget with the clock and the date has also appeared on my display (in any case, I like it)…
I suspect the mother of all worms or Trojans, or whatever it is, is actually in the directory that is used to install the Acer eRecovery application, which I have located as C:\Program Files\InstallShield Installation Information{7F811A54-5A09-4579-90E1-C93498E230D9}.
I have the same problem:
11.10.2009 19:10:54 SYSTEM 1716 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
12.10.2009 18:03:34 SYSTEM 1740 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
13.10.2009 19:47:40 SYSTEM 1628 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
14.10.2009 18:22:12 SYSTEM 1624 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
The avast warning pop-up window appeared for the first time today. Meaningless or not, I installed avast last Saturday, 10th of Oct.
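
Added example, not part of any post in this thread: a short Python parser for the avast! log lines quoted above. It groups detections by file and signature, making the recurrence pattern (how often, on which days, at what hours) visible when deciding between a false positive and a reinfection. The field layout, including the name `ident` for the numeric field after the user name, is an assumption inferred from the four lines shown.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four log lines quoted in the post above, copied verbatim.
LOG = r"""
11.10.2009 19:10:54 SYSTEM 1716 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
12.10.2009 18:03:34 SYSTEM 1740 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
13.10.2009 19:47:40 SYSTEM 1628 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
14.10.2009 18:22:12 SYSTEM 1624 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
"""

# Layout assumed from the sample: date, time, user, numeric id, message.
# Both curly and straight quotes are accepted around signature and path.
LINE = re.compile(
    r'^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+(?P<ident>\d+)\s+'
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.$'
)

def parse(text):
    """Return one dict per recognised detection line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d.%m.%Y %H:%M:%S")
            events.append(e)
    return events

def summarize(events):
    """Group by (lower-cased path, signature) and describe the recurrence."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["path"].lower(), e["sig"])].append(e)  # Windows paths ignore case
    report = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        days = sorted({e["ts"].date() for e in evs})
        gaps = [(b - a).days for a, b in zip(days, days[1:])]
        report[key] = {
            "count": len(evs),
            "first": evs[0]["ts"],
            "last": evs[-1]["ts"],
            "daily": bool(gaps) and all(g == 1 for g in gaps),
            "hours": sorted({e["ts"].hour for e in evs}),
        }
    return report

if __name__ == "__main__":
    for (path, sig), info in summarize(parse(LOG)).items():
        print(sig, path, info)
```

On the quoted lines this reports one file detected once per day on four consecutive days, each time between 18:00 and 20:00.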