Malware or False Positive

Good Afternoon 🙂

On 12.07.10, I received the following Avast5 warning ...

Malware blocked.
avast File System Shield has blocked a threat.
No further action is required.
Object (original location) : C:\Program Files\Creative\SBAudigy\SFBM\sfbm.exe
Infection : Win32: Malware-gen
Action : Moved to chest
Process : C:\Program Files\SIW\siw.exe
The threat was detected and blocked just before the file was executed.

I have SIW (System Information for Windows) installed on this machine.

I have left sfbm.exe in the chest meantime.
Is this a False Positive or a virus?
Within the Virus Chest, I right-clicked on the line for sfbm.exe >> Scan.
In the Virus column, it then read “no virus”.
Can I now restore this file from the chest?

scrumdown

If it is now shown as clean in the chest, it looks like it was an FP and the signature was corrected in the next virus definitions update. If you wanted to check it, see ### below for how to go about that in the future.

So yes, you should Restore it from the chest. Check the original location and ensure that it is back there and you can delete the copy that remains in the chest.

You can check offending/suspect file/s at: VirusTotal - Multi engine on-line virus scanner, and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

Hi David,

Thanks for your very quick reply.
Also for your helpful information.
I will check this out later this evening.

scrumdown

No problem, glad I could help.

Welcome to the forums.