Hello. I was looking at the log of my scheduled scan this morning and to my surprise, Avast found Win32: Malware-Gen. I looked at the log and there was only one file infected. I tried to move it to the chest and repair it, but I got “Error: Access is denied. (5)” So, I scanned with MBAM and it came up with absolutely nothing. Avast’s location of the file says: C:\Program Files\Pando Networks\Media Booster\uninst.exe And the threat is rated as “High”.
Don’t rush, especially if this has been on your system for some time (check the file properties).
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here by posting the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below. Or in your case from the original location so you would need to copy the file from the original location to a temporary one, see below.
avast5 - Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
Only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
In the meantime (if you accept the risk), add it to the exclusions lists: File System Shield, Expert Settings, Exclusions, Add and avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
I don’t even remember when it got downloaded or what it does, really. I looked it up online and some people say it is spyware, but McAfee Site Advisor says it is a green download. And on the Advisor site it had a link to one of the games I once downloaded. It isn’t a needed program. Can’t I just delete it somehow and be rid of it?
Of course you could just delete it or uninstall the program if as you say you don’t use it, but that really isn’t the best thing to do.
By sending the sample to avast and the detection corrected, it not only resolves your problem but also helps every other avast user that might be using the same program and improves detection.
Thanks, hopefully it won’t be long for it to be corrected.
Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Well it wasn’t that long ago that it was submitted, late last night. If you have this file in the chest, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Have you got the latest virus definitions and have you scanned the file again as that really is the easiest way to tell of its progress, other than avast are usually quite quick to correct any FP once identified.
Thanks DavidR. Yes, it’s in the chest, virus definitions have been updated, and it’s still scanning as infected. I’ll keep an eye on it as you suggest.
Then it isn’t the same file, not all detections by the malware-gen signature are going to be the same as the signature is generic, trying to identify multiple variants of a malware type.
You need to upload your file to virustotal and then post the URL in the results window.
Well the md5 that you gave D41D8CD98F00B204E9800998ECF8427E is actually = to a zero byte file size (see image), so that can’t be used for comparison.
avast didn’t interfere with the md5 hash, but what might have happened is that avast alerted on the movement to a temporary location and actually blocked the upload resulting in a 0 byte file size.
That is why I gave the information in Reply #1 of this topic (see below) on how to create a temp location and exclude it from scans so it doesn’t interfere with the VT upload.
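Added example, not part of the original thread: a Python check that refuses to use a hash for comparison when the copied sample is empty (the zero-byte MD5 discussed above) and otherwise compares it, case-insensitively, with a published hash. The function names, file names and sample bytes are constructed for illustration; MD5 is used only because that is the identifier quoted in the thread, and a SHA-256 is computed alongside it.

```python
import hashlib
import os
import tempfile

# MD5 of zero bytes of input; the value quoted in the thread, lower-cased.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def file_digests(path, chunk_size=65536):
    """Return (size, md5_hex, sha256_hex) for the file, read in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


def check_sample(path, expected_md5=None):
    """Classify a sample before its hash is used for comparison.

    Returns "empty" when the file has no content (the digest describes
    nothing), "match"/"mismatch" against expected_md5, else "unverified".
    """
    size, md5_hex, _ = file_digests(path)
    if size == 0 or md5_hex == EMPTY_MD5:
        return "empty"
    if expected_md5 is None:
        return "unverified"
    # Hashes are posted in mixed case and with stray spaces; normalize first.
    return "match" if md5_hex == expected_md5.strip().lower() else "mismatch"


def demo():
    """Run the check on two constructed files: one blocked (empty), one intact."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "blocked_copy.bin")
        intact = os.path.join(tmp, "intact_copy.bin")
        open(empty, "wb").close()
        with open(intact, "wb") as fh:
            fh.write(b"constructed sample bytes")  # not a real binary
        good = hashlib.md5(b"constructed sample bytes").hexdigest().upper()
        results["empty"] = check_sample(empty, good)
        results["intact"] = check_sample(intact, good)
        results["other"] = check_sample(intact, EMPTY_MD5)
    return results


if __name__ == "__main__":
    print(demo())
```

An "empty" result means the copy or upload was truncated before hashing, so the file should be copied again from an excluded folder before any hash is compared.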
Hello Guys,
I’m Peter from Pando Networks support here to chime in on some elements of the thread. PMB is an application used to assist with game downloads, video playback and other functions using our P2P network. You can read more about PMB here:
The correct MD5 for the latest version of PMB should be:
b2c223c971c44dcbe14da9f08c1f705c
We have verified that the error is with our older version of PMB, and will contact Avast to clear up the false positive. In the meantime you can drag and drop this file over the existing uninst.exe file: