Win32:Spyware-gen

Viruses and worms
1

OK I have been on here researching for 5 hours and getting seriously frustrated. All of a sudden today when I went to open a game which has been on here for 3 years I am notified Avast is putting it in the chest because of the above. I have found a few threads here about this but cannot seem to follow the procedures because too much other stuff thrown in there.
I am running Vista.
Housecall says clean.
Can someone please advise. Sorry if I seem dumb… I am when it comes to this stuff. Thanks to Avast I rarely have any problems.

also is OK to post the Hijack this reports here? I have NO clue what any of it means.

[ArcaVir]
2010-12-07 Found nothing
[G DATA]
2010-12-07 Win32:Spyware-gen
[Avast! antivirus]
2010-12-07 Win32:Spyware-gen
[Ikarus]
2010-12-07 Found nothing
[Grisoft AVG Anti-Virus]
2010-12-07 Found nothing
[Kaspersky Anti-Virus]
2010-12-07 Found nothing
[Avira AntiVir]
2010-12-07 Found nothing
[ESET NOD32]
2010-12-07 Found nothing
[Softwin BitDefender]
2010-12-07 Found nothing
[Panda Antivirus]
2010-12-07 Found nothing
[ClamAV]
2010-12-07 Found nothing
[Quick Heal]
2010-12-07 Found nothing
[CPsecure]
2010-12-07 Found nothing
[Sophos]
2010-12-07 Found nothing
[Dr.Web]
2010-12-07 Found nothing
[VirusBlokAda VBA32]
2010-12-07 Found nothing
[Frisk F-Prot Antivirus]
2010-12-06 Found nothing
[VirusBuster]
2010-12-07 Found nothing
[F-Secure Anti-Virus]
2010-12-07 Found nothing

2

Hi BuckeyeKat, welcome to the forum :slight_smile:

That appears to be part of a virustotal log?
Do you have the full link, and the filename and path?

Scott

3

1.Try dr.web cure it! from here
http://www.freedrweb.com/cureit/?lng=en
2.Scan you PC with MBAM
http://www.malwarebytes.org/mbam.php
3.After cleaning system with Dr.web and MBAM post a hijack hunter log"attach"
http://www.novirusthanks.org/products/hijack-hunter/

4

That is not a HijacThis log but looks like a copy and paste from VirusTotal…am i correct

and from what i can see it is only avast! and GData detecting (GData is using avast virus engine) so probably a False Positive

5

What is the game ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

It may be something that the game does, gather stats/data that may be misinterpreted.

The Win32:Spyware-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

Send the sample to avast as a possible False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

6

Hey and Welcome!

I would also recommend you to make a full system scan with superantispyware.

What game do you want to run?

Regards,
Tenko

7

OK everything says clean…

superantispyware
dr.web cure
MBAM

I did submit to Avast
and did what davidR suggested.

The file is a game called Feeding Frenzy which has been fine up until this am

C:\Users\Mom\Documents\game\feedingfrenzy 2*

8

So are you saying that everything including avast now comes up on the VT results ?

If so it means that avast no longer considers it spyware, e.g. an FP which has been corrected, so you should ensure that you have the latest virus definitions update and scan the file again within the virus chest.

Or do you mean that now it is in the chest all scans local system come up clean ?