Virus or false Alarm? win32:malware-gen virus

Viruses and worms
1

Greetings,

Avast finds a win32:malware-gen in the explorer.exe process.

Made all files visible and checked the suspects at virustotal.com - no infections found.

Ran Malwarebytes and removed 2 additional threats (unrelated).
Second Avast Scan and still same Virus (?). Malware Bytes reported 0 threats.
Log attached as txt.

Any ideas?

2

what type of scan is this?
can you attach a screen shot of scan result?

3

Custom Scan. Result is found in scanning the memory of the computer. Regular scan gets zero results. Screenshot to follow.

OTL scan crashes (repeatedly tried - won’t run)

4

and i guess you selected “scan memory” ?

DONT DO THAT…if you search the forum you find out why

unless you have a special need or know something the avast guys dont know…then dont play with the scan settings
i recomend using the default quick/full scan with default settings…you can trust that the avast guys know what works for the average user

5

Precisely. And so far no problems (>6 months)

A hint WHY would be welcome but I assume I do NOT have a problem/Virus then?

Further: Would a Virus noit be killed if a restart is made? The process is identified (false) positive again.
Just trying to make sure I have no problem guys.

6
A hint WHY would be welcome but I assume I do NOT have a problem/Virus then?
unless you get any detection when you unselect "scan memory".....nope

the memory scan give some veird scan results…mostly it detects signatures from other security programs installed loaded in memory…the forum is full of cases if you search

if you suspect infection, follow this guide and attach logs
http://forum.avast.com/index.php?topic=53253.0

7

Yep, I would suspect so.

I was only supersticious (is that the right word?) as the “explorer.exe” caused this alert.

The full scan with basic settings delivers 0 results.

8

Most anti malware programmes load signature data in memory as a comparison method. When Avast finds this data in memory - it says whoa that looks like virus data to me … Alarms and sirens…

However, it is not an infection on your system but part of the database of MBAM or something similar

This is why a memory scan is not a good idea unless you have a specific reason for doing it to investigate

9

Cheers and thanks guys.
Vote for close.