Win32:Adware-gen [Adw]

Viruses and worms
1

Hello , I am a chinese. Sorry about for my poor English . I just hope you can understand what I mean .

I had a little problem in my using of AVAST.

“Win32:Adware-gen [Adw]” has been found in “C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe” file.

2

Hi Alexander5,

Please upload the file to VirusTotal for analysis. Post the results here.

3

I also received the same message listed above.

File name: C:\ProgramFiles\Symantec\LiveUpdate\DISreboot.exe
Malware name: Win32Adware-gen[Adw]
Malware type: Adware

I posted to VirusTotal as you suggested and received the following:

File 00000137 received on 08.10.2008 23:23:20 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.09 -
Authentium 5.1.0.4 2008.08.10 -
Avast 4.8.1195.0 2008.08.09 -
AVG 8.0.0.156 2008.08.10 -
BitDefender 7.2 2008.08.10 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.10 -
DrWeb 4.44.0.09170 2008.08.10 -
eSafe 7.0.17.0 2008.08.10 -
eTrust-Vet 31.6.6021 2008.08.08 -
Ewido 4.0 2008.08.10 -
F-Prot 4.4.4.56 2008.08.10 -
F-Secure 7.60.13501.0 2008.08.10 -
Fortinet 3.14.0.0 2008.08.10 -
GData 2.0.7306.1023 2008.08.10 -
Ikarus T3.1.1.34.0 2008.08.10 -
K7AntiVirus 7.10.408 2008.08.09 -
Kaspersky 7.0.0.125 2008.08.10 -
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.10 -
NOD32v2 3344 2008.08.10 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.10 -
PCTools 4.4.2.0 2008.08.10 -
Prevx1 V2 2008.08.10 -
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.10 -
Sunbelt 3.1.1538.1 2008.08.09 -
Symantec 10 2008.08.10 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.10 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.10 -
Webwasher-Gateway 6.6.2 2008.08.10 -

Additional information
File size: 36872 bytes
MD5…: 815064eb7f4f1cbd73fe84bc32878470
SHA1…: 6e5daef13f404de0298e6bed166093ae8aff09c3
SHA256: 131d78532935afb96557b2b5bf422ec884021cbc2001131626df0073d3805263
SHA512: 7facdf599e3024eb47e273275e1f79cbbba540083475fd24b22dc8fa1a269f1d
5e73f1303f0c951b8c031958e993d18a4db241cead9729204d7b353f3dce90df
PEiD…: -
PEInfo: -

I am not sure what any of it means. I would like to know what to do aobut it.

4

It isn’t unusual to not have avast detect on VT when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

If it is indeed a false positive and it seems so, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.