Seems to be a lot of FPs today, so I want to check mine too

Panicked family member running to me about Avast finding a virus

The file in question is:

hidchk.exe

It is part of the eRecovery tool/program located in:

C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe

Happened today. Nothing seems to be weird with the machine, I’ve done some other scans, nothing positive. Uploaded the EXE to Virus Total as well, 2/39 (Avast and GData) marked it as Win32.Malware.gen, but I hear GData uses Avast’s “database” too.

So looking at that, 99% a FP then? :slight_smile:

Thank you for all the hard work here, Avast is really good and I install it on all my clients’ and families’ machines.

Can you report the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586

Thanks for helping improve avast.
Seems last virus database is indeed giving more false positives…

Hi TheStig,

Because of heuristics a couple of e-recovery files were detected and are probably FP’s.
In your case this is an Acer file - please check your file against the following data to see whether it is genuine.

HidChk.exe - diagnosis information on HidChk.exe

File Name HidChk.exe
MD5 Checksum 0c793426ca0b48c4ecabc1a00e77e6e1
File Version 3, 0, 0, 18
Description Check and Diagnose HidChk.exe immediately. The file HidChk.exe is likely a legitimate Windows file or a disguised threat. As malicious PC threats may delete legitimate files and then pretend themselves to be normal files to compromise system, it is highly recommended to run a scan against virustotals.com or jotti to check the file HidChk.exe and see if it is genuine.

Copyright Information Acer Incorporated. All rights reserved.
Product Name HidChk
Product Version 3, 0, 0, 18
Vendor’s Name Acer Inc.
Notes - probably FP,

polonus

Thanks, I will check it shortly, the machine is… er, inaccessible :stuck_out_tongue:

Also Tech: VirusTotal, as said in my post, turns up as 2/39, both scanners that picked it up were Avast and GData.

polonus: I will check it shortly, probably within 1 hour, I will post again in a moment. Thank you for the file.

How do I do such a check, by the way? Never done it like this before.
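One way to do the check asked about above, as an added example that is not part of the original thread: hash the local file and compare its size, MD5 and SHA1 with the values posted in this thread. The function names and the `REFERENCE` dictionary are assumptions of this example; the reference values and the default path are the ones quoted in the thread.

```python
import hashlib
import sys

# Reference values as posted in this thread for HidChk.exe (VirSCAN report).
REFERENCE = {
    "size": 311296,
    "md5": "0c793426ca0b48c4ecabc1a00e77e6e1",
    "sha1": "8215b5fa2bfa3a3252b1e7ea557ad8ecf583aa60",
}

def fingerprint(path, chunk_size=1 << 20):
    """Return size, MD5 and SHA1 of a file, reading it in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def compare(path, reference=REFERENCE):
    """Return {field: (actual, expected, matches)} for every reference field."""
    actual = fingerprint(path)
    result = {}
    for field, expected in reference.items():
        got = actual[field]
        # Hex digests are compared case-insensitively; size compares as text.
        same = str(got).lower() == str(expected).lower()
        result[field] = (got, expected, same)
    return result

def is_same_file(path, reference=REFERENCE):
    """True only if every reference field matches; one mismatch fails."""
    return all(ok for _, _, ok in compare(path, reference).values())

if __name__ == "__main__":
    # Path as given in the thread; pass another path as the first argument.
    default = r"C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for field, (got, expected, ok) in compare(target).items():
        status = "OK" if ok else "MISMATCH"
        print(f"{field:5} {status:8} local={got} posted={expected}")
```

A match only shows that the local file is byte-for-byte the file that was scanned and discussed here; it does not by itself show that the file is clean.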

GData detection is the same as avast (as it uses the same engine and virus definitions).
It’s a false positive.

I also got an alarm today, 3 times. This is the VirSCAN report. Can I consider HidCHK.exe as a false positive?

VirSCAN.org Scanned Report :
Scanned time : 2009/10/12 23:03:55 (CEST)
Scanner results: 5% Scanner(2/37) found malware!
File Name : HidChk.exe
File Size : 311296 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0c793426ca0b48c4ecabc1a00e77e6e1
SHA1 : 8215b5fa2bfa3a3252b1e7ea557ad8ecf583aa60
Online report : http://virscan.org/report/1778418b34a553358aed6b7c7f5d5581.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091013010332 2009-10-13 4.21 -
AhnLab V3 2009.10.12.04 2009.10.12 2009-10-12 1.07 -
AntiVir 8.2.1.35 7.1.6.101 2009-10-12 0.46 -
Antiy 2.0.18 20091012.2993830 2009-10-12 0.02 -
Arcavir 2009 200910121608 2009-10-12 0.09 -
Authentium 5.1.1 200910121720 2009-10-12 2.07 -
AVAST! 4.7.4 091011-0 2009-10-11 0.02 Win32:Malware-gen
AVG 8.5.288 270.14.11/2430 2009-10-12 0.34 -
BitDefender 7.81008.4336635 7.28275 2009-10-13 3.72 -
CA (VET) 9.0.0.143 35.1.7063 2009-10-13 4.87 -
ClamAV 0.95.2 9881 2009-10-10 0.06 -
Comodo 3.12 2588 2009-10-12 0.85 -
CP Secure 1.3.0.5 2009.10.11 2009-10-11 0.08 -
Dr.Web 4.44.0.9170 2009.10.12 2009-10-12 5.63 -
F-Prot 4.4.4.56 20091012 2009-10-12 2.21 -
F-Secure 7.02.73807 2009.10.12.07 2009-10-12 0.17 -
Fortinet 2.81-3.120 10.935 2009-10-12 0.31 -
GData 19.8358/19.508 20091012 2009-10-12 5.36 Win32:Malware-gen [Engine:B]
ViRobot 20091012 2009.10.12 2009-10-12 0.41 -
Ikarus T3.1.01.72 2009.10.12.74056 2009-10-12 4.17 -
JiangMin 11.0.800 2009.10.08 2009-10-08 3.80 -
Kaspersky 5.5.10 2009.10.12 2009-10-12 0.14 -
KingSoft 2009.2.5.15 2009.10.12.21 2009-10-12 0.70 -
McAfee 5.3.00 5769 2009-10-12 3.35 -
Microsoft 1.5101 2009.10.12 2009-10-12 7.48 -
Norman 6.01.09 6.01.00 2009-10-12 4.01 -
Panda 9.05.01 2009.10.12 2009-10-12 1.98 -
Trend Micro 8.700-1004 6.534.04 2009-10-12 0.03 -
Quick Heal 10.00 2009.10.12 2009-10-12 1.26 -
Rising 20.0 21.51.04.00 2009-10-12 0.91 -
Sophos 3.00.1 4.46 2009-10-13 2.46 -
Sunbelt 5443 5443 2009-10-11 1.80 -
Symantec 1.3.0.24 20091012.002 2009-10-12 0.08 -
nProtect 20091012.02 5794481 2009-10-12 7.17 -
The Hacker 6.5.0.2 v00039 2009-10-12 1.97 -
VBA32 3.12.10.11 20091012.1122 2009-10-12 1.98 -
VirusBuster 4.5.11.10 10.112.66/2003935 2009-10-12 2.86 -
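An added example, not part of the original thread, of reading a multi-scanner report like the one above: it parses the result rows and counts independent detection sources, treating GData's hit as avast's because, as stated earlier in the thread, GData uses the same engine and virus definitions. The rows are a subset copied from the report; the `SHARED_ENGINE` map and the function names are assumptions of this example.

```python
import re

# Subset of rows copied from the VirSCAN report above. Columns: scanner,
# engine version, signature version, signature date, scan time, result.
REPORT = """\
AhnLab V3 2009.10.12.04 2009.10.12 2009-10-12 1.07 -
AVAST! 4.7.4 091011-0 2009-10-11 0.02 Win32:Malware-gen
CA (VET) 9.0.0.143 35.1.7063 2009-10-13 4.87 -
GData 19.8358/19.508 20091012 2009-10-12 5.36 Win32:Malware-gen [Engine:B]
Kaspersky 5.5.10 2009.10.12 2009-10-12 0.14 -
The Hacker 6.5.0.2 v00039 2009-10-12 1.97 -
"""

# Per the thread, GData's detection comes from the avast engine and
# definitions. Extend this map only with relationships you have confirmed.
SHARED_ENGINE = {"GData": "AVAST!"}

# Scanner names may contain spaces, so the name is matched lazily and the
# ISO date anchors the position of the two version columns before it.
ROW = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+)$"
)

def parse_report(text):
    """Return one dict per result row; lines that are not rows are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows

def summarize(rows):
    """Count raw detections and the distinct engines behind them."""
    hits = [r for r in rows if r["result"] != "-"]
    sources = {SHARED_ENGINE.get(r["scanner"], r["scanner"]) for r in hits}
    names = {r["result"].split(" [")[0] for r in hits}
    return {
        "scanners": len(rows),
        "detections": len(hits),
        "independent_sources": sorted(sources),
        "names": sorted(names),
    }

if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```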

I bet you can.

Hi Tech,

I really hope they will correct this real soon, else it will be news: “avast to detect genuine files as malware”.
Avira was reported to have such a period with critical executables flagged falsely, this made the news in the security forums. In the previous century DrWeb had a scanner renowned for loads of FP’s. a-squared free is still shunned by users because of the number of FPs, despite their new Ikarus scanner…

…Oh, I just saw a new iAvS update, maybe the FP’s were corrected…

polonus

I still cannot get hold of the laptop. Will have to do this tomorrow since it seems the owner locked herself (don’t worry, family!) in bedroom and I’m unable to retrieve it, despite me telling her not to lock the door or at least leave the laptop out.

However it seems to be a FP for sure as someone just also reported (as above) ;D

Why don’t all of you join the same thread? Same problem.

See that thread opened by Subrosia, titled as Malware in Acer program. That way we could share all the information in the same place.

In my case, I am completely sure it is not a false positive.