Possible F/P: Win32:Malware-gen detected in PartyPoker's uninstall file

So I was just running my routine scan of my entire computer this morning. Midway through the scan Avast detects:

Sign of “Win32:Malware-gen” has been found in C:\Programs\PartyGaming\PartyPoker\Uninstall.exe\presetup\IconInIE.exe

The file in question (Uninstall.exe) is what I assume to be the Party Poker software’s uninstaller.

Party Poker is a legit company, and I have had their application software installed on my computer for the past 5 years, using it on a weekly basis. Avast has never picked up anything suspicious about it in the past, it just started on today’s scan.

I’ve also run a full scan with MBAM and everything comes up clean.

Also uploaded the file in question to virustotal and it is coming up as 2/46 with the 2 detections coming from Avast and GData. Results located here:
https://www.virustotal.com/file/3cb242ff6d3b6b02a419d8daa4346964c26861e079be1638a58b8d353343259c/analysis/

I also uploaded the file to jottiscan and it is coming up as 2/20 there with the 2 detections coming from Avast and ClamAV. Results for that located here:
http://virusscan.jotti.org/en/scanresult/b8b63c1c320d1c10a06158389aa78e650abb9c83

The file in question can be found from Party Poker’s official site www.partypoker.com (it’s basically the uninstaller for their poker software).

I am almost certain this is a false positive. But just wanted to make sure.

Kind regards,

  • Eclipse

Seems to be a FP yes

First seen by VirusTotal
2009-10-14 02:48:20 UTC (3 years, 3 months ago)

you can report it here http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply

Hey, any word on when this is gonna get fixed?

I sent the file in on 1/15/2013, but it’s still getting flagged by Avast as being malicious as of today.

How did you send the file, as using the contact-form link that Pondus gave for reporting FPs is usually very quick?

If it is currently in the avast virus chest you could also send it to the virus labs from there.

In either case make sure that you also give the link to this topic as it contains more information than will be available in the contact-form or send to virus labs submission.

I sent the file using the contact form page on the avast website that Pondus gave. Also referenced this thread as well in the message.
Is there any way to check if they actually received the file?

Not really a way to check, I would try resending but from the chest this time. If it isn’t already in the chest add it to the chest (it just sends a copy not the original) and submit from there.

Hey guys, just wanted to update this thread and let you know that this detection has now been fixed as of the latest update (version 130119-1).

And thank you guys for the helpful replies! :slight_smile:

you may now edit the title of your first post and add SOLVED :wink:

You’re welcome.