Hi there all. (New here, so forgive me any omissions or errors in the following.)
So… I ran a boot time scan yesterday. No problems/all clear. Today, for whatever reason, I ran one again. And I got the following message:
File C:\Windows\assembly\NativeImages_2.0.50727_32\stdole\f698ac346476a20a02725b8e9de422cd\stdole.ni.dll is infected by Win32:Malware-gen.
Hadn’t done anything during the day that I hadn’t before yesterday’s scan, except update Adobe AIR and 64-bit Java (both on Avast’s advice) plus update to the latest version of Avast, too. And, truth be told, the computer was running just fine all night last night (after yesterday’s scan) and today. So, am I maybe looking at a false positive here? That said… as the above item is in a Windows folder, I did not want to just blindly go ahead and do something that I might not be able to undo (if needed). Is the above item safe to delete? To move to chest? To repair? Or can it be ignored? For the time being, I have done the last thing…
Thanks for the tip. My only problem is that when I try to do what you’ve suggested (“Choose File” to be scanned by VirusTotal), I am unable to find said file in the Windows\assembly folder. And I do have my preferences set to show hidden files/folders. Any additional ideas?
Not if you haven’t moved it to the chest. And that was part of my original question. More specifically, during the boot time scan, avast asks you if you are sure about moving a file that is in a Windows folder to the chest. Is it okay to do that?
I found this Win32:Malware-gen thing on my Dell WinXP laptop last weekend during my post-monthly-update boot time scan with Avast (after the monthly program and Windows updates). It wasn’t there on 02/02/13, the last time I did an Avast boot time scan.
Numerous earlier quick scans made during the month hadn’t found it either, and full system scans with Spybot or Malwarebytes flagged up nothing wrong post-updates.
The ‘malware’ was located in Windows default hidden Restore Point folder and I used the Avast delete option to kill it.
A new boot time scan was clean and I have had no problem since.
Well, you can search for the file by entering its name in the search box when you open “My Computer”. Are you sure you checked the virus chest and the “stdole” directory? I’m not a virus removal expert, but if you think you are infected you can scan your computer with some of the tools here: http://www.selectrealsecurity.com/malware-removal-guide or you can post a new topic in the “viruses and worms” section, where you will get further assistance. Open the avast GUI > Security > Antivirus, click Settings in the boot time scan area and make sure that the default action is “move to chest” (not “ask”). Then run the boot time scan again.
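One way to gather what the replies above ask for (locate the flagged file, hash it for a VirusTotal lookup, check its signature) without moving or deleting anything, as an added PowerShell example that is not part of the original thread. It assumes the file name from the first post (stdole.ni.dll), PowerShell 2.0 or later, and an elevated prompt. Two points of context it relies on: Explorer renders %WINDIR%\assembly through a shell extension that hides the real folder layout, which is why a normal Explorer search comes up empty, and a native image (.ni.dll) is compiled on the local machine by ngen.exe, so it carries no Authenticode signature of its own; the vendor signature, if any, sits on the IL assembly (stdole.dll) in the GAC.

```powershell
# Added example, not from the thread. Assumes the file name reported in the
# first post (stdole.ni.dll), PowerShell 2.0+ and an elevated prompt.
# Nothing here deletes, moves or uploads anything.

function Get-FileEvidence {
    # Enumerate %WINDIR%\assembly from the file system. Explorer shows that
    # folder through the GAC shell extension, which hides real subdirectories
    # such as NativeImages_2.0.50727_32\stdole\<hash>\, so Explorer search misses them.
    param([Parameter(Mandatory = $true)][string]$Name)

    Get-ChildItem -Path (Join-Path $env:WINDIR 'assembly') -Recurse -Filter $Name -ErrorAction SilentlyContinue |
        ForEach-Object {
            # SHA-256 via .NET so this also runs on PowerShell 2.0 (no Get-FileHash there).
            $sha    = [System.Security.Cryptography.SHA256]::Create()
            $stream = [System.IO.File]::OpenRead($_.FullName)
            try     { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
            finally { $stream.Close() }

            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            New-Object PSObject -Property @{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTime
                Version   = $_.VersionInfo.FileVersion
                Company   = $_.VersionInfo.CompanyName
                Signature = $sig.Status      # Valid / NotSigned / HashMismatch / ...
                Signer    = $signer
                Sha256    = $hash
            }
        }
}

# 1. The flagged native image. ngen.exe builds it on this machine, so
#    Signature = NotSigned is expected here and is not evidence of tampering.
$ni = Get-FileEvidence -Name 'stdole.ni.dll'
if (-not $ni) {
    Write-Warning 'stdole.ni.dll not found under %WINDIR%\assembly. If the boot-time scan moved it to the chest, restore it from there first.'
}

# 2. The IL assembly the native image was generated from; this is the copy
#    that should carry the vendor Authenticode signature.
$il = Get-FileEvidence -Name 'stdole.dll'

@($ni) + @($il) | Format-List Path, SizeBytes, Modified, Version, Company, Signature, Signer, Sha256

# Paste each Sha256 value into the VirusTotal search box: a hash lookup shows
# what other engines say about that exact file without uploading a system DLL.
# A Signature of HashMismatch on stdole.dll, or a Company/Signer that is not
# the expected vendor, is the result that would justify quarantining rather
# than ignoring the detection.
```

A hash lookup is preferable to an upload for a first check: if the same bytes are already known to VirusTotal you get the verdict immediately, and you avoid shipping a system file off the machine before you know whether it is even suspicious.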
I really like latest version of Avast! It does seem to flag up some false positives though. Latest one for me is the new version of Furmark benchmarking tool.
Every one I have had has been found safe after a couple of updates. I turned the reputation setting off; it seems a little eager.
You should not turn off the Reputation service; it mainly powers the autosandbox!
Are you talking about FurMark 1.10.5 (http://www.softpedia.com/get/System/Benchmarks/FurMark.shtml) ?
I downloaded it, executed the setup and file got autosandboxed. It’s a rare file in the community …
Well… Ran a boot time scan again today. And the system comes up clean this time around. Without the file ever having had anything done to it. Interesting…
Win32:Malware-gen is a detection from the proactive part of avast! (heuristic engine, autosandbox, behaviour shield etc.). If you scanned the “infected” directory again with avast! and Malwarebytes, and they can’t find anything, it is likely to be a false positive. You can scan with HitmanPro to be sure: http://www.surfright.nl/en/hitmanpro/. HitmanPro is a cloud anti-malware scanner. It runs a behavioural scan and uploads the suspicious files to the HitmanPro servers.
Win32:Malware-gen is a detection from the proactive part of avast! (heuristic engine, autosandbox, behaviour shield etc.). If you scanned the "infected" directory again with avast! and Malwarebytes, and they can't find anything, it is very likely to be a false positive. You can scan with HitmanPro to be sure: http://www.surfright.nl/en/hitmanpro/. HitmanPro is a cloud anti-malware scanner. It runs a behavioural scan and uploads the suspicious files to the HitmanPro servers.
How do you know that? Any source? Win32:Malware-gen is a signature generated by automated analysis systems; at the moment the behavior shield is mostly passive, as it reports all the suspicious binaries to the virus lab (CommunityIQ).