I have used Avast 4.8 Home edition since August and don’t know what I am doing. Avast found Win32:Malware-gen during a routine scan and I had Avast quarantine it. Avast Virus chest gives the following information about the file: nvNetUtils.exe, original location: C:\Program Files\NVIDIA Corporation\NetworkDiagnostic, last changed 3/19/2007 10:25:06 A.M., Transfer time 11/6/2009 6:29:24 P.M., Virus Win32:Malware-gen. The network diagnostic checks the network connection from your computer to the NVIDIA server. How do you upload to a testing service? I have uploaded it to Avast. Thanks in advance for any help.
I have also checked the file in the virus chest and it still is identified as a virus. I tried to add same file to user files and when scanned there it was not identified as a virus. I do not know if I did this correctly.
Likely a false positive - not unusual for Nvidia desktop to trigger conflict with browser connect nor for diagnostics to return false positive readings. Someone else more qualified with FPs may add to this but I think you are okay.
I do not know how to put it in a place where virustotal could upload it and I have tried to put it in user part of chest and ended up putting it in a “wrong” folder of avast. It was then detected as a virus and placed a second time in avast virus chest! I see no option to upload to virustotal when I click on file in avast chest: only one to send it to avast which I have done… ???
inexp2.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
I tried this and access was denied to this file. Maybe it matters that I have Windows Vista Home Premium SP2. I am also using Windows Firewall. I hope someone can tell me what to do now. I do use the nagging user control thing…Am the administrator of this computer but not well versed in administrator’s tools.
inexp2.
It doesn’t matter what the OS is as avast will block any action on the file (including uploading to VT), that is why it needs to be in a location which you have pre-excluded as in the second paragraph of my post.
Can you explain in more detail exactly what you were doing and when you got the access denied?
There is no option within avast to upload to VirusTotal, that is why I gave instructions on what to do to prepare to upload it. Having done that, you then click on the virustotal link; there is a Browse button, and having clicked that, a navigation window pops up. Using that, navigate to the Suspect folder you created and select the nvNetUtils.exe.
When uploaded, VT will scan it with all its scanners and once done, there is a URL in the address bar of your browser; copy that, as it provides a link for the results you see, and post it into the topic.
I right clicked avast in system tray, selected On-Access Protection control, selected Standard shield (which is on high sensitivity), selected “customize”. From there, resident task settings; clicked tab for “Advanced”. This is not “Scanner (Advanced)”. Second ‘item’ under this states: “Here you can modify the locations that will not be scanned and/or tested (global exclusions are not appended).” This is where I listed that folder. I right clicked the folder and selected “send to”. Then an option to send to Virus Total appeared.
Then the warning “access denied”. I have since scanned this folder with Avast and put it in the avast virus chest since I am too afraid to do otherwise.
inexp2
Look, sorry, I had to rush out and forgot that you need to move the file out of the chest to upload to virustotal. But follow the instructions as detailed by DavidR. He has gone through this many times with new members to the forum. You don’t need to rush. There is plenty of time.
I extracted to a folder as suggested by DavidR, but the right clicking to send to Virus total produced access denied. I don’t know if the way Virus Total got put into the menu has anything to do with why access was denied. I don’t think I went online with “administrative rights” when I downloaded vtsetup to desktop.
inexp2.
Don’t worry about downloading the link to the desktop (The link posted was for virustotal.)
Just click on the link, and it will open the website in a new tab or window. On that website, click the browse button, and use the explorer-like interface to locate the file in the folder you have created. Then upload it. (there is an upload button, titled “send file”.)
Wait for the scanning to finish.
Please post the URL (copy and paste it from the browser address bar direct into your next post) once the results are in.
There is a good chance it has already been scanned, if so, post the permalink it comes up with. (Have a look at that results page yourself, to get a bit of an idea, too, if that’s the case.)
This seemingly worked. Apparently someone else had uploaded the same thing on 6/25/2009. I got the following before I had it re-evaluated:
File has already been analysed:
MD5: aa1dbedfc493dffac3d9ee0feee15d06
First received: 2009.06.25 08:09:56 UTC
Date: 2009.06.25 08:09:56 UTC [>136D]
Results: 0/41
Permalink: analisis/5f95fd9fc45d8d2b112586ab4778accf9919ade5df73ac7589eb6f79f7e92d39-1245917396
Is this what you need? After it finished, it said Result 3/40(7.5%). Now what?
inexp2.
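Added example, not part of any post in this thread: a check that a file exported from the chest is byte-for-byte the sample in the VirusTotal report quoted above, since an earlier result such as 0/41 only says something about your copy if the hashes match. It assumes the 64 hex digits in the permalink are the sample's SHA-256 and the trailing number is the scan time as a Unix timestamp; the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone

# The "already analysed" lines as quoted in the thread.
VT_REPORT = """\
MD5: aa1dbedfc493dffac3d9ee0feee15d06
First received: 2009.06.25 08:09:56 UTC
Permalink: analisis/5f95fd9fc45d8d2b112586ab4778accf9919ade5df73ac7589eb6f79f7e92d39-1245917396
"""

def parse_vt_report(text):
    """Pull out the MD5 plus the hash and timestamp embedded in the permalink."""
    md5 = re.search(r"^MD5:\s*([0-9a-f]{32})\s*$", text, re.M | re.I)
    link = re.search(r"^Permalink:\s*analisis/([0-9a-f]{64})-(\d+)\s*$", text, re.M | re.I)
    if not md5 or not link:
        raise ValueError("report block is missing the MD5 or Permalink line")
    return {
        "md5": md5.group(1).lower(),
        # Assumption: the 64 hex digits are the sample's SHA-256.
        "sha256": link.group(1).lower(),
        # Assumption: the trailing number is a Unix timestamp (UTC).
        "scanned": datetime.fromtimestamp(int(link.group(2)), tz=timezone.utc),
    }

def file_hashes(path, chunk=1 << 16):
    """Hash a file in chunks so large files are not read into memory at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def same_sample(path, report):
    """True only if both digests of the local file match the report."""
    local = file_hashes(path)
    return local["md5"] == report["md5"] and local["sha256"] == report["sha256"]

if __name__ == "__main__":
    import sys
    report = parse_vt_report(VT_REPORT)
    print("report scanned:", report["scanned"].isoformat())
    if len(sys.argv) > 1:  # path of the exported copy, e.g. in the excluded folder
        print("matches report:", same_sample(sys.argv[1], report))
```

Hashing only reads the file, so it can be run on the copy in the excluded folder without executing it.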
Ah. It is looking more like it may be a false positive (only three out of the 40 scanners detect it) but what we need is the link.
To get that, click on the permalink yourself, and the analysis will open in a new tab or window. Then copy the address in the address bar of that tab/window, and post it, thanks.
The hits represent the AV’s that detect it.
Gdata and Avast share their engines, so essentially, those two represent one detection.
Panda detects it as a “suspicious file”.
The “.Gen” Avast/Gdata report is short for “generic”, basically meaning the file structure has similarities to a known breed of trojan, but isn’t precisely that one. (That type of detection is necessary and used by most virus scanners in order to try and keep up with the thousands of new variants of malware of a family that are produced by the “bad guys”.)
I would be confident enough that this is a FP (false positive) to restore the file to its original location.
Would you please go to the chest (after opening the Avast interface) and right click on the file. Select “email to Avast”. In the “type” select “false positive” in the drop down menu. In the text box post the URL as copied by CharleyO above, tick “I know what I’m doing” and then press submit.
This will take place during the next vps update, silently. You probably won’t get a reply, and as the detection is generic, it may not even be possible for the developers to remove it from the database…I don’t really know.
Right click the file again, and select “restore” (if you want that file back. Do you need it? That is another issue, unfortunately I don’t have time to think too much about that. If you think you might not need it, leave it in the chest for a while. There’s no hurry, if the pooter is all working OK. It’s to do with the Nvidia drivers diagnostic tool. Many home users don’t need this program.)
I think I can safely say you did the right thing sending to avast, inexp2.
For the time being, leave the file in the chest if you want for a couple of weeks, then scan it again and see if it still registers as a malware detection. If it does, then post a reply here, otherwise restore the file.
If you copied the file to the “suspect” folder in order to upload to virustotal, then you can delete that file and folder from your computer. You can also remove vtsetup from desktop if it is still there and uninstall anything that you may have set up from that download (that is, reverse what you did there) and from now on use the online service that is provided at virustotal http://www.virustotal.com/ . You’ve done well.
As I said earlier, I’ve had problems at times with Nvidia on my desktop, especially where I’ve made use of their control panel (Nview or something I think it’s called - I haven’t checked up). Sometimes it prevented me from connecting with the browser, and sometimes, if I remember right, it was a difficult problem to sort out. But you seem to have done okay.
I have sent the false positive report to Avast (first report also had that subject as I did not know what to put) and ended up extracting it to original location. Repeated putting of the “suspect folder” in chest may have been why I had trouble restoring it. Avast said that it was restored, but it wasn’t until I did the extraction. I protected that file the same way as the “suspect” folder. Avast does not like that file.
The other “copies” from repeated putting in Avast virus chest I deleted. Hope this was ok. I do not know whether to go ahead and allow Java 6 Update 17 install. I don’t think I have anything else but tracker cookies.
inexp2.