
Avast -- questionable finds

Discussion in 'General Security' started by DKTaber, Nov 14, 2011.

Thread Status:
Not open for further replies.
  1. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,871
    My AV is Avast (free). I've had it for a couple of years and have not been infected with ANYTHING – virus/worm/Trojan/spyware – in that time. . . until yesterday. Avast is scheduled to run a quick scan every Sunday at noon, and this time found "Malware-gen" in 3 files:

    · igfxpers.exe in the \Intel\GFX_XP32_14.37.1.5029_PV_Intel\Graphics folder
    · igfxpers.exe in the \Windows\system32\DRVSTORE\igxp32_[long number]
    · A0006649.exe in the \System Volume Information\_restore{long number}\RP55

    Knowing that igfxpers.exe is a legitimate graphics driver for my Intel mobo, I had Avast move the files to the Chest, not delete them. I then ran full scans with Malwarebytes and SuperAntiSpyware, both updated. They found nothing.

    This morning I restored the two instances of igfxpers.exe to their original folders and ran a quick scan with Avast. It found no infected files. However, between yesterday and this morning, Avast was updated twice, so it's using an updated version of the pattern files, not the pattern files that identified igfxpers.exe as infected.

    I have reported this to Alwil as a false positive. My guess is that something was wrong with the pattern files that were in place when the Sunday noon scan was run, and subsequent updates fixed it. I'm curious to know if anyone else encountered this bizarre finding and what, if anything, they did about it.
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Malware will often infect legitimate files. It doesn't necessarily mean it's your case. However, to be sure, you might want to send the files to:

    Jotti's Malware Scan

    or,

    VirusTotal
     
  3. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,871
    Well, Jotti said that only one AV program identified it as infected -- Avast. VirusTotal, which also scanned it with Avast, said none of the 42 programs found anything, and Avast on MY COMPUTER now also does not find any malware.

    So where does that leave me?
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Looks like a false positive to me.

    Jotti's Avast possibly didn't have the latest definitions from Avast.
     
  5. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,871
    That's what I think, and I submitted it to Avast as a false positive. Haven't had a response from them, but it's interesting that after a couple of pattern file updates, Avast no longer identifies it as infected. It suggests that between yesterday and today, Alwil discovered the error and fixed it. I was probably only one of many who bugged them about it.

    Another clue: The last date of change for the infected files was 1/26/09 -- just under 3 years ago. If a virus had somehow attached itself to the file, wouldn't it change the last change date?
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Probably, but it's hard to tell how malware is infecting those files. Will it always change that date and be easily recognizable? Good question.
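
On the last-change-date question raised in the two posts above, an added example (not part of the original thread): it records a baseline of size, modification time and SHA-256 for a constructed stand-in file, changes the content, restores the old timestamps, and reports which attributes still differ. The file name and contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path):
    """Record what a baseline would store: size, mtime (ns) and content hash."""
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": sha256_of(path)}


def compare(baseline, current):
    """Return the names of the attributes that differ from the baseline."""
    return [k for k in ("size", "mtime_ns", "sha256") if baseline[k] != current[k]]


def demo():
    """Change a constructed file's content, then put its old timestamps back."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample_driver.bin")  # constructed file, not a real driver
        with open(path, "wb") as f:
            f.write(b"ORIGINAL-CONTENT" * 64)
        st = os.stat(path)
        baseline = snapshot(path)

        # Overwrite bytes in place, so the size stays identical as well.
        with open(path, "r+b") as f:
            f.write(b"MODIFIED")
        # Timestamps are ordinary metadata: anything with write access can reset them.
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return compare(baseline, snapshot(path))


if __name__ == "__main__":
    print("attributes that changed:", demo())
```

An unchanged date is therefore weak evidence either way; comparing the file's hash against a copy from the original driver package is the stronger check.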
     

Short URL to this thread: https://techguy.org/1026854
