When I ran my Avast program, it came up with a Win32:Malware-gen threat. When I tried to move it to chest, it gives an error that the file is read only. I have rebooted the computer multiple times & run a boot-scan a couple of times to see if that would make it work, but it doesn’t. I appreciate any help you can give on this.
I have looked through some of the other threads for those w/ the problem win32:Malware-gen & have used the guide http://forum.avast.com/index.php?topic=53253.0 & am uploading the requested files.
C:\Windows\SysWOW64\wininet.dll is the file name listed in the scan log from the full scan that I initiated because I hadn’t run it in a bit & a screenshot of the scan results is attached. If there is anything else that might help, please just let me know (I hope this is what you were asking for). Thank you!!
Whilst this is a legit file name and I believe location on Vista 64bit and is likely to be protected by the OS, hence the read only error.
I have my doubts as to this being a good detection (false positive) given that this only comes up when you do a full system scan (which I feel aren’t that necessary given avast is an on-access resident AV). Otherwise I would expect this file to be detected when in use.
I would suggest that the file is checked against a multi engine virus scanner: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.
Whenever this issue has created a start-up problem of the OS, go to Start, type msconfig in search and hit enter. Now click the startup tab and uncheck everything. Reboot and see if the problem is gone. (solution posted by Jtoast on the Tech Support Guy Forums)
Now find out what application or this FP has created this problem…
Below are the results of the Virus Total Scan. I may have misunderstood, but it seemed that you stated that the file was part of the Vista OS, which I’m running on 7 (sorry if this is out of left field). Also, the file isn’t able to be put into the chest, I get an error stating that the file is read-only whenever I have tried. I’ve double checked the chest to make sure that it hasn’t really gone there already, which it isn’t there.
As to moving the file to the ‘Suspect’ folder, I have attached a screenshot of what happened when I tried to do that.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.
When I right clicked, in the scan log as it won't move to the chest, it didn't give me any options submit or otherwise.
My error in thinking you were on Vista, but it is the same thing/location in win7.
I somehow thought that the VT results would prove inconclusive, why avast would alert on a Full System Scan yet not at VT is a bit of a mystery. But you should ensure that the avast virus definitions are up to date and manually scan that file (right click on it in the original location and have avast scan it) and report the result?
If it is still detected you would need to Add to the avast chest and submit the file for analysis see #### below. If it is no longer detected, then it looks like the detection (FP) has been corrected.
In your post you mention Moving, you should have used Copy as the OS would prevent you from moving it.
You should be able to copy it to the chest, but you can't do that from the Scan Log as that is A) just a text file extract of the scan info and B) it is historic data not from the live scan where options would have been relevant. You would have got the same read only error you got originally when you tried to move it to the chest.
####
Adding a copy to the avast chest (only if still detected):
Open the avast Chest (Avast User Interface > Maintenance > Virus Chest), right click in the virus chest section to the Right and select Add.
From the next window navigate to the original location, C:\Windows\SysWOW64\wininet.dll and select the file and click Open (it isn't actually opening it, just selecting it), a Copy will be added to the chest. The original file remains in place so the OS shouldn't stop the copy from being added (not moved) to the chest.
Now you can submit it as an FP as outlined in my Reply #5.