Real trojan or false positive

Hi, wonderful people,

Today Avast found a ton of suspect files on my computer, and several more on a second scan. However, I noticed a few weird things:

  • the flagged files are all old (7+ years) Word documents;
    – that never showed up on previous scans
    – that were not touched for a while
  • threat name was very generic: Other:malware-gen [Trj]
  • I didn’t check the first time, but I did it with the second scan, and all flagged files ended with the extension “fontTable.xml”

Could it be a false positive? Please let me know.

Could it be a false positive? Please let me know.
Not possible to say from info given

Upload some of those files detected and scan them at www.virustotal.com

Post link to scan result(s) here
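Before uploading, it is worth looking inside the flagged documents yourself. The script below is an added example written for this thread, not something posted by anyone in it: a .docx is a ZIP package, and `word/fontTable.xml` is a normal part of it that only lists the fonts a document uses. The script hashes a document, builds a VirusTotal lookup URL in the same form as the links posted here (so a private document can be checked by hash without uploading it), confirms the font table is just font names, and notes any package parts that would deserve a closer look. The sample package is constructed inline; the part names in `PARTS_OF_INTEREST` are well-known OOXML parts, assumed here to be what you would want to see listed.

```python
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
# Constructed stand-in for the fontTable.xml part of an ordinary .docx: it only names fonts.
FONT_TABLE = (f'<w:fonts xmlns:w="{W_NS}"><w:font w:name="Calibri"/>'
              '<w:font w:name="Times New Roman"/></w:fonts>')
# Part names that would justify a closer look (macros, embedded OLE or ActiveX objects).
PARTS_OF_INTEREST = ("vbaProject.bin", "oleObject", "activeX")

def virustotal_url(sha256: str) -> str:
    """Same URL form as the links in the thread; a hash lookup needs no upload."""
    return f"https://www.virustotal.com/gui/file/{sha256}/detection"

def triage_docx(data: bytes) -> dict:
    """Inspect a .docx package (a ZIP archive) without opening it in Word."""
    result = {"sha256": hashlib.sha256(data).hexdigest(), "has_fonttable": False,
              "fonts": [], "parts_of_interest": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        result["parts_of_interest"] = [n for n in names if any(p in n for p in PARTS_OF_INTEREST)]
        if "word/fontTable.xml" in names:
            result["has_fonttable"] = True
            root = ET.fromstring(z.read("word/fontTable.xml"))
            # Each <w:font w:name="..."/> child is one font declaration, nothing more.
            result["fonts"] = [f.get(f"{{{W_NS}}}name") for f in root.findall("w:font", {"w": W_NS})]
    return result

def build_sample_docx(with_macro: bool = False) -> bytes:
    """Constructed minimal package standing in for one of the old documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"/>')
        z.writestr("word/fontTable.xml", FONT_TABLE)
        if with_macro:  # a macro-bearing file would normally be .docm, not .docx
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    report = triage_docx(build_sample_docx())
    print(report["fonts"], report["parts_of_interest"], virustotal_url(report["sha256"]))
```

For a real file, call `triage_docx(open(path, "rb").read())`; an empty `parts_of_interest` list and a font table that holds only font names is what an ordinary old Word document looks like.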

Like this? https://www.virustotal.com/gui/file/c0a384b37840188d3bf1d5653ae6db9933f2a9dfd17e44f8befc7ed689b61ae1/detection

https://www.virustotal.com/gui/file/c0a384b37840188d3bf1d5653ae6db9933f2a9dfd17e44f8befc7ed689b61ae1/detection

In both cases, only Avast and AVG seem to think the files are “suspicious” (notice how Avast Mobile doesn’t, lol).

What could it mean?

In both cases, only Avast and AVG seem to think the files are "suspicious"
Avast and AVG are the same program

Anyway, that looks like a false positive

Send the file to the avast lab so they can fix it
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

As Pondus says, and I share his validated superstition here.
Wait for a final verdict from avast’s.

As it is a generic detection that both avast and AVG (once partnering) shared,
it could be prone to be one of these old generic detections, caused by their detection methodology
and known to be false positives. But wait until you hear it from the horse’s mouth.

polonus

Will do. Thanks!

Oddly enough, I’ve tried scanning one the flagged files directly (right click → Scan selected files)… and Avast says it’s clean. Lol

Hi Ernesto73,

What more of the same story do you wanna hear, my friend?
So they no longer detect this, their previous generic find.

Thank you for the heads-up on this, also as from other avast users.

polonus

Would you say it’s safe to restore the files from quarantine, then?

And here’s the response from Avast:

AVAST Support 10:36 (32 minutes ago) to me

Hello,

Thank you for reporting this false positive.

We have now cleared its reputation in our database based on the findings and removed the detection. This change may take up to 24 hours to take full effect. Please accept our apology for the inconvenience caused.

If the detection persists after 24 hours, update the virus database in Avast anti-virus and reply to this email with the attached files:
1. Take a screenshot of the Avast detection dialog (Threat Secured pop-up with See details - displayed at the bottom).
2. Take a screenshot of the Avast virus database (open Avast antivirus and go to Menu > About).
We hope you have a nice day and stay safe online.

Mikel
Avast Malware Analysis Team
Enterprise Office Center, Pikrtova 1737/1a, 140 00, Prague 4, Czech Republic