SOUNDMAN.EXE - Win32 Malware-gen... false positive?

Avast did a scheduled scan, and reported that (in four different places, the same program) SOUNDMAN.EXE is infected with a Win32:Malware-Gen. This program has been on the computer for 7 years, since XP installation. I’ve even used it before. The programs were last ‘modified’ in 2003 too, but last accessed June 13th.

Is this a false positive? Or a virus? With a Google search, other antivirus programs also had reports of it being a false positive, but I thought I’d ask. :-\

You can check it at virustotal.com
asyn

Didn’t work. Can’t send it to the site, or as an email. ‘You don’t have sufficient permission to perform this operation.’ from Outlook trying to attach it.
0 bytes total from the site, encrypted or not.

You can run free Mbam for a second opinion…
http://www.malwarebytes.org/mbam.php
asyn

That might take quite a bit of time. The curse of dial up.

No problem, awaiting your reply…
asyn

Edit: Info from Prevx…
http://www.prevx.com/filenames/X274429744718118850-X1/SOUNDMAN.EXE.html

I managed to get it sent in to Virustotal, and, like the other couple of threads I read, it seems to be a false positive, as only avast 4.8, avast 5, and GData, which I read uses avast, consider it a threat.

Also… how do you report false positives? >.>

Can you send it to the chest?

If you have Avast! 5:

  1. Open up the GUI (double click on avast!'s tray icon)
  2. Maintenance
  3. Quarantine
  4. Right click → Add… (7th option)
  5. Right click on the file → Send to virus lab (5th option)

(It can be different because my avast! is Hungarian, it’s just a quick translation)

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest, right click on the file and select ‘Submit to virus lab…’, then complete the form and submit; the file will be uploaded during the next update.

  • In the meantime (if you accept the risk), add it to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the File System Shield and avast Settings exclusions lists.