I was playing SecondLife, a game which I have played for years now… and today while playing I received a pop-up from Avast showing Threat Blocked, SLplugin.exe because of IDP.Generic as an issue. I moved the threat to the Virus Chest and then I sent it for analysis to Avast through the tab located in the Virus Chest. I use Premium Avast, with the latest update.
I ran a full Virus Scan and nothing came up, but I also uninstalled SecondLife and deleted any files. I became nervous and did a search and I saw that SLPlugin.exe is often flagged by AVs… but how will I know what Avast found through the analysis, whether it’s a false positive or actually a problem?
No, it didn’t give that option. It just had me click Send For Analysis in the Virus Chest from my Premium Security console. In the space it gave for me to add anything, in terms of notes… I did not give my e-mail address.
Ordinarily you wouldn’t need to give your email address as they would just analyse it and not actually contact you.
Give it a few days and try moving it out of the virus chest (Extract, see attached image) and see if Avast alerts again. Some time ago there used to be an option to scan the file again within the virus chest; I don’t know why they removed that option.
When you extract it you can choose where to place it (choose a temporary location) so you can find it if required. The process of extracting it should cause Avast to scan it in the new location. If it doesn’t alert then that would tend to indicate that the first alert on SLplugin.exe was a false positive.
Extracting it won’t execute it; something has to run the command to execute it.
Extracting it to a different location than normal would lessen any risk, as you are moving it not executing it.
Extracting it to a new location would cause Avast to scan it (as a newly created executable file). If it is still considered malicious, back to the virus chest it would go (you don’t have to take any action).
If Avast does not alert then it is very likely the Send for analysis has found it not to be infected (a false positive). Virus signatures would be updated.
Yes, I would get rid of it from the temporary location and reinstall SecondLife.
I haven’t had time yet to extract the item from the virus chest. I will do so sometime this week. I am glad to see someone else reporting it as a False Positive however, but will still go ahead and follow your advice and see what comes up.