Seems like a MAJOR revision of the Antivirus engine & database updates is needed as of late since now printer driver files are being flagged as being trojans with just a generic name for the FP…
Case in question:
EBAPI4.DLL
EBPBIDI.DLL
E_FASKEGL.DLL
E_FBA6EGL.DLL
E_FBAPEGL.DLL
E_FBL6EGL.DLL
All of which are Epson LX-300+ and Epson Stylus TX400 series printers being used in a networked environment as well as locally.
It’s my particular opinion that Avast!'s engineers should revise their program’s code (the one before the dreaded FP of last time which “crippled systems”) to see where they might have gone wrong.
I’m quite aware that as threats evolve, so should the code implemented to stop them, but it is also important to not “throw out” updates without extensive prior testing.
In my particular case, I’d much rather be alerted of new threats & get a notice about them and told to exert caution while a properly tested update is being built. May take a few hours of wait which are a million times preferable to (in some cases) days to restore system functionality.
Check this forum as there are two other topics relating to this as a possible false positive.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Also resolved an issue with Call of Duty 4 - iw3sp.exe being flagged as a FP…
I’m with a few other folks on this… It seems that Quality control testing is not being applied properly and it’s going to hurt Avast badly if it continues… Not a threat mind, just a reality check… once is an accident, twice is bad luck, three times is incompetence.
I see I’m not the only cat on the block with an Epson printer. It really does seem like this one could have been caught with a little preliminary testing. If the same driver related file is being flagged universally, it could mean that an infected version of the file is being distributed, it has some vulnerability that is being widely exploited, or it is a false alarm. My hunch is that it is usually the latter. My flagged file had a modification date of 2007. I know way back, probably Win95 and maybe Win98, it was easy to write a phony date for a file. Is it still?
We have VPS 091216-2 and having the same problem with the DLLs - we have an Epson 610.
We submitted all of the supposedly infected files to Virustotal and these are the permalinks to the reports. I have no idea what I’m looking at here so would appreciate someone who DOES know what they’re looking at to explain a bit
I’m attaching screen caps of 2 of the alerts as well as of the chest with the subject files listed.
Also, SOMETHING has been “failing” in Avast according to the log viewer and I have no idea what that’s about.
AND, it singled out PrimoPDF.exe (pdf printer) as a Trojan and now I can’t use that either.
