UNIDRV.DLL being detected as Win32:Malware-Gen

As of today’s Avast signature update (110414-0), we are having problems with UNIDRV.DLL being detected as Win32:Malware-Gen. The file in question appears to have not changed since 2008. Is this a bad set of signatures pushed out by Avast?

You can report a FP here: http://www.avast.com/contact-form.php?loadStyles

We are also experiencing this issue today and it’s causing us a few headaches with staff moaning at us that they cannot print any documents.

I’ve already reported the false positive and got a call logged with avosec support.

At least I know we are no longer alone on this issue lol ;D

Hello, any news about this issue?
All our customers with Avast Antivirus are reporting the same problem; other customers with any other AV software are not.
Avast customers are sincerely thinking of changing their software; could we find a fast workaround?
Thank you to all.

We have the same problem.

Guys, if you already reported it to avast, it’ll be fixed asap…!!
asyn

no FP on that file here with VPS 110414-0

edit: yeah okay that’s on a W7/64 version of the file, and the issue seems to be on XP, so my scan is not relevant.

I’ve got faith that this will be fixed quite promptly, Avast have never let me down in the past :slight_smile:

Hi

I have the same problem too with XP SP3 machines.

Avast moves the unidrv.dll file to the chest.

If you then restore the file and try to print, it locks the machine up.

If you then reboot it moves the file to the chest again.

Do you know how the problem will be fixed? Will a new definition be released and propagated? If so will that file restore the unidrv.dll file to its original folder?

Thanks

Andy

It only seems to be on Windows XP and the complete path to the file that we have is:

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL

We are having the same problem here; the only way to make the clients print again is the following:

  1. Log on as an administrator
  2. Disable avast realtime protection
  3. Reinstall the printer driver
  4. Log on again as the user

Of course this is a bypass and leaves you with no protection and I really hope the virus definitions are updated very soon!

Michele

@ logos:
It depends on which version of unidrv.dll you have. We submitted a version which reports the problem. Perhaps some bytes in that file are the same as real malware…

yes I edited my post above :wink:

Yes it is the exact file being detected here as well! (all clients are XP SP2 or SP3)

By the way not all clients are having the problem even though they have the very same definitions…very strange indeed!

Michele

this post is growing very fast ;D

Just checked it, I don’t get this…???
See screenshot.
asyn

Some clients of ours are also having these problems.

They’re working on managed 4.8 clients. I’ve suggested adding the printer driver as an exclusion; I’ve had no reply yet if that works.

I hope this problem gets fixed soon.

It seems to happen on several configurations but not all; in some networks we have problems on all clients, on others only with a few clients.
Another customer of ours reported it on a Vista machine:

Are all reports here related to avast 4.8 versions…??

4.8.1061.0 here