3 replies to this topic

[mjcatt]

AdAware real-time scanner quarantines files of type C:\Windows\Temp\_avast\unp<number>.tmp with
Threat level: HIGH
Name: Trojan.Win32.Generic.pak!cobra
Category: Trojan

After quarantine, I typically delete the quarantined item and then a new one shows up within a week or so. I'm not sure if a repeating infection is occuring of if a false positive is reported as avast pushes updates. However, I would have thought that if this is a false positive resulting from an Avast push, it would occur more frequently - at least once a day - since Avast updates its definitions frequently.

Is this a false positive for a definition provided by Avast?

AdAware version: Ad-Aware Free Antivirus + version 10.0.185.3207
Avast verson: avast! Free Antivirus 7.0.1456
OS: Windows 7 Home Premium SP 1, 64 bit

Scan log file and quarantine file are attached.

I haven't found reference to this particular finding in either Ad-Aware or Avast forums. Any comments or suggestions for further investigation would be appreciated.

Thanks.

Attached Files

•  5A88875A-4F1E-4C02-B7E8-0B76E902F374_ENC2.zip   1.8MB   1 downloads
•  QR1135CE1D-6C27-4618-936C-1A214640904B4657539.zip   1.04K   1 downloads

[LS Alex]

Hi,

According to the VirusTotal multiscanner this file (MD5: 4FDD4F9F3B99A2E1132D2DA8CFF63285) is detected by the most of AVs as Fake-AV:
https://www.virustot...8345a/analysis/

Alex,
Lavasoft Malware Lab

[mjcatt]

Thanks Alex,
So Ad-Aware real-time scanner is doing a great job since I have never encountered a single fake scare popup message.
Mark

[CeciliaB]

Hi Mark,

You can read about the folder and file on http://forum.avast.c...p?topic=56153.0
Something that Avast creates while scanning.