Probable false positive with engoutput.dll

Viruses and worms
1

I was informed that Avast antivirus recognizes the file engoutput.dll (can be found at http://kvetka.org/download/engoutput.zip) is infected by Win32:Malware-gen. This file is the plugin of the chess program. I’m not sure that it is really infected. Could you please check it?

Thank you.

2

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

3

This is the result of virustotal check: http://www.virustotal.com/ru/analisis/bfe65abc4acee0e4fa90dff087e474640f4a604beb527ab849ae1f4deb24425b-1280175019.

Is there any online tool for submitting suspicious files to viruas lab? I’m afraid that I don’t have Avast antivitus installed on my computer.

4

You can send file via email :virus@avast.com

Instructions for sending files to analyze
-Submit a suspicious file for analysis(Virustotal)
-Open TugZip,WinRar WinZip 7Zip…
-Select File
-Make password(virus or false positive)
-Make a new name for the zip file(Undetected malware or False Positive)
-Open your email account and write: Hi – Virustotal: Copy Url --Password:virus or false positive
-Select file
-Send this file to Avast lab

Have a nice day :slight_smile:

5

Hello,
thank you for notice, false positive will be fixed in next VPS update (100727-0)

Milos

6

Thank you all very much for the help.

7

Hi kvetka,

There is something wrong there still, according to the finjan scan of the url you gave (make it written with hxtp):
Active content was blocked due to digital signature violation. The violation is missing digital signature,
this should be addressed for active content else you risk it will be blocked…

polonus