I’m using a TIBCO product for my work. Recently, Avast detected that TIBCO Rendezvous Communications Daemon (messaging system) is a Virus/Worm.
Here are the details:
File name: C:\tibco\tibrv\bin\rvd.exe
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
VPS version: 080717-0, 17/07/2008
I tried to add this file to the Exclusions list, but I guess this exclusions list only contains files that won’t be scanned.
Please advise what would be the best approach as the only solution I found so far is to pause the standard shield then start the service. It is not a viable solution as my computer is then not protected.
You can’t upload the file if it is in the chest, you need to extract it to a temporary location.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
There are two exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions (this is the one you appear to have used and it doesn’t work for on-access scanning).
I simply disabled the standard shield to be able to upload the file. Here is the result:
MD5: a8e240b25b25bb54560b6b31a3395b16
First received: 07.01.2008 13:15:58 (CET)
Date: 07.01.2008 13:15:58 (CET) [>21D]
Results: 3/32
Permalink: http://www.virustotal.com/analisis/d91f4c095c534895c733dad9fcb66b2b
I would say there is a high possibility it is an FP as the 3 detections are heuristic (which can be prone to FP). The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
It may be nothing to do with TIBCO, the Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.