too many FP

Viruses and worms
1

hello dear friends, I noted that Avast is detecting a lot of FP during the last days, what’s going on, is something changed in the software? On my pc in two days in a two different scanning marked HPWaitWindow.exe and intervideo/windvd.exe. I checked both files on virustotal and virscan.org and not virus at all were founded.

2

Hi antonpaco,

Indeed there are some issues (soundman.exe etc.) that should not be flagged, but I think this could be because of the transition to the new avast version that is being made stable and solid.
Best policy for you when you know this is upon a find never delete, could put it in the chest to be restored or better even test at virustotals or jotti. If it is only flagged by avast and a partner scanner more than likely to be a FP.
One can also check at anubis analyzing unknown binairies. Another check could be if the file path is uncommon from its normal location. Whenever there is doubt report here and send the FP to alwil so it can be corrected a.s.a.p.

polonus

3

You will also no doubt have noticed that the malware name is Win32:something-gen.

  • The avast Win32:Something-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

These generic signatures are a form of heuristic detection, which are more prone to FP, so it is a tough game in blocking a new virus/malware variant, which wouldn’t otherwise be detected by specific signature.