Avast Server 4.8 scans my Windows Home Server overnight, I have woken up this morning with it reporting that icwtutor.exe was infected with Infection: Win32:Spware-gen[Spy] and it has moved it to the chest.
Try creating a new folder on your
“C” drive, name it “suspicious”. Move the file from the chest to this folder. Upload it from the folder to www.virustotal.com (multi-online scanning service), takes about 1-4 minutes, post the URL of the results page, please.
On the face of it, it could be a FP, it’s name is legitimate. We’ll see.
I had exactly the same issue this morning. I’d be surprised if the contents of the file have changed since the last scan. The file that is “infected” is the compressed .ex_ in c:\windows\i386, rather than the live executable.
As suggested, I ran the file by VirusTotal. Avast and GData report “Win32:Spyware-gen”, but all other engines record it as clean
send it to virus@avast.com with false positive as the subject and in the body put the password, the link to this topic.
or
go to avast chest > user files > browse for the file > add and click email to avast icon(it’ll be uploaded and not emailed) > do a manual update of avast virus database.
Chewie, you could also send the false positive report to Avast, or just wait for the next Avast VPS update, when it should be corrected.
Following the next update, try scanning it from within the chest, or the Suspicious folder. If it scans clean, that is confirmation it was a FP, and it can be restored to original location from the chest, and deleted from the suspicious folder.
Avast are pretty good about fixing FP’s fast when reported.