Malware in Acer program?

Today, my avast! prompted me with a virus warning (Win32:Malware-gen) while I was browsing the Internet. It was located in C:/Program Files/PACKARDBELL/Packard Bell Recovery Management/eRecovery (a backup recovery program from Acer; it has been here since the first time I turned on my computer), and it was never detected by avast! (I ran a scan two days ago). The file was last modified in 2008, and I wasn’t touching it when the alert window opened.

Can it be a false positive? I uploaded it to VirusTotal and only avast! and GData detect the same thing; the others don’t detect anything.

Hi Subrosia, welcome to the forum :)

Most likely a false positive, since GDATA also uses the avast! detection engine, so this is probably the same detection.
Do you still have the VirusTotal link?

A post by DavdR on the ‘-gen’ suffix:



To report a false positive:

You could also send the file in a password protected archive to virus(at)avast(dot)com with ‘potential false positive’ in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:

Right click avast icon in taskbar → click start avast antivirus → right click scanner background → click virus chest → navigate to user files → click add files → right click file → email to alwil software.

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending)


You could also add a link to this thread and some more information when you do.

-Scott-

Thanks for the answer! ;D

I’ve sent the file to avast! with the chest’s email tool. Now I only have to wait.

The problem is… why did the window appear on screen? I didn’t touch the file or the folder, and I wasn’t scanning at that moment. Does avast! do background scanning?

EDIT: Oh, yes. The file is named HidChk.exe.

No problem :)

In answer to your question, I’d imagine that it was scanned as it was executed, by the standard shield (a resident scanning component of avast!):

It is a backup program and is probably running to back up your computer, and is (a bit of a guess here) probably scheduled to run at a certain time, so when it is started it is picked up by avast!

The file is 091011-0 (from yesterday), and yesterday I used the computer and it didn’t appear. Maybe it only works on Mondays?

It doesn’t matter when it actually runs, but it is more about when the detection is added to the database. In this case, the database update to 091011-0 added this (hopefully false) detection to the database.

Ok. Thank you for the answers. :)

You’re welcome.

Periodically scan the file from within the virus chest (after vps updates) and if/when it is not detected any more, you can restore the file.

-Scott-

Hmmm… when I tried to update, avast! said something about “Sending file”, and a path appeared that is the “infected” .exe path. Is that normal?

I have a similar problem. Avast detected the file Hidchk.exe in the C:\ProgramFiles\Acer\eRecovery directory as malware gen. After I blocked it by sending the thing to the Virus Chest, it repeats whenever you try to reinstall the eRecovery application from the Autorun.

So… it seems to be a false positive. I doubt that two computers were infected on the same day in the same .exe.

I do not think it is a false positive. Several days ago, the pointer was unstable, and from time to time a web page appeared that was not previously requested by me. I think avast is able to detect the problem in the Hidchk.exe file, but cannot detect the script that is producing or creating it, which may be in another file (note that for me it happens whenever I try to re-install the eRecovery application from the Acer eRecovery Management Application by using the option to reinstall drivers and controllers).
Hope avast is able to detect where the installer of the virus is.

Hi,
I have the same problem: Avast has detected Win32:Malware-gen.
The first was detected yesterday in C:\programfiles\Acer Empowering Technology\eRecovery\Hidchk.exe. I tried to delete it but it came back, so I put it in quarantine.
The second was detected in C:\ACER\game zone console\Game builds\acer_setups_italian_. I have deleted all of the Acer game zone console (I don’t use it).
So what is it, real malware or a false positive?
I have sent an email to Avast for the first one with the update.
My technical English is not good, so be kind.
Thanks

Do you have a user backup copy of your computer? Unfortunately, I did not make mine.
If I had, I think I would recover all of the ACER Empowering Technology from it.

Ok, after the new update, it is still detecting malware. I’m going to send another to VirusTotal… ok, here it is. XD

Should I send another e-mail to ALWIL team after this new update?

Well, the sad story follows…

I ran Avast, and everything appears clean, but nonsense web pages and things like that suddenly appear.

I have used another tool (Adaware) and it has detected two new Trojans (with a TAI, Threat Assessment Index, of 10, which is, I suppose, very high). The infected files (two Acer games, Big Kahuma Reef.exe and Bricks of Egypt.exe) are now in quarantine, so I am happy, but after this…

I do not know how, but the Google Gadget with the clock and the date has also appeared on my display (in any case, I like it)…

I suspect the mother of all worms or Trojans, or whatever it is, is actually in the directory that is used to install the Acer eRecovery application, which I have located as C:\Program Files\InstallShield Installation Information{7F811A54-5A09-4579-90E1-C93498E230D9}.

Tomorrow more…

I have the same problem:
11.10.2009 19:10:54 SYSTEM 1716 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
12.10.2009 18:03:34 SYSTEM 1740 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
13.10.2009 19:47:40 SYSTEM 1628 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.
14.10.2009 18:22:12 SYSTEM 1624 Sign of “Win32:Malware-gen” has been found in “C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe” file.

The Avast warning pop-up window appeared for the first time today. Meaningless or not, I installed avast last Saturday, 10th of Oct.

When the alert pop-up happens you can click the report as false positive link at the bottom right of the alert window.

This will submit the sample for analysis on the next avast update check.

Hi,
I scanned the Hidchk.exe file I have in the chest.
I’m sorry it’s in French, but it says: no virus.

Scan des fichiers sélectionnés


Le programme va essayer de scanner le (s) 1 fichier (s) sélectionné (s) de la zone de quarantaine

Déplacer les fichiers vers le dossier temporaire: C: \ Users \ Marcelle \ AppData \ Local Settings \ Temp \ avast4 \ unp201082508.tmp
ID du fichier: 0000000005 Nom original: C: \ Program Files \ Acer \ Empowering Technology \ eRecovery \ HidChk.exe Nouveau dossier: C: \ Users \ Marcelle \ AppData \ Local Settings \ Temp \ avast4 \ unp201082508.tmp \ 5.exe

Scan des fichiers du dossier temporaire: C: \ Users \ Marcelle \ AppData \ Local Settings \ Temp \ avast4 \ unp201082508.tmp
C: \ Users \ Marcelle \ AppData \ Local Settings \ Temp \ avast4 \ unp201082508.tmp \ 5.exe - pas de virus –


L’action A ETE accomplie avec Succès!

So is it really a false positive? Can I really take the file out of the Chest?
Thank you.

Hello,
yes, the false positive was fixed. Sorry, I forgot to send a notice about that.

Milos