Win32:Maware-gen in Quicken\techhelp.exe False Positive or Infected?

Had an Avast warning today. Of all days it chose right after surgery so I got major vicodin in me. Please help.

It went off on a background scan apparently because I wasn’t on the computer and it wasn’t downloading.

I ran Avast on the file again and it came up with the same thing. I ran Malwarebytes on it and it didn’t show on that quick scan.

The file it says is infected is C:\ProgramFiles (x86) Quicken\techhelp.exe

Malware name is Win32:Malware-gen

I put Quicken on my computer about 2 weeks ago.

I scanned with Jotti and only Avast and G Data came up with it.

Is this a false positive?

I, too, received a warning that techhelp.exe in the Quicken folder was infected with Win32:Malware-gen, along with a restore file under system volume information. I appreciate any information on this.

I’ve gotten this warning for the first time today as well…

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

I too just received a notice from Avast that my techhelp.exe contained a virus on my 3 machines that I have Quicken installed on. I sent the file Avast. I also followed your directions and uploaded it to VirusTotal – it said 2 virus programs out of 41 showed it to be a virus - Avast and GData.

I’m waiting to hear back from Avast - if they respond.

Ted

I got the same warning from Avast on the same quicken file today.

Is there confirmation whether this is a false positive?

Has anyone tried uploading this to virustotal as that is the way to confirm one way or another.

First it has to be confirmed and reported to avast or at the very least reported.

See tcash19’s post above. Looks like he did all of that.

Hi,
it’s false positive and will be fixed in next VPS update.

Milos