mjcatt

Real-time quarantine of Avast file for Trojan.Win32.Generic.pak!cobra


AdAware real-time scanner quarantines files of type C:\Windows\Temp\_avast\unp<number>.tmp with
Threat level: HIGH
Name: Trojan.Win32.Generic.pak!cobra
Category: Trojan

After quarantine, I typically delete the quarantined item and then a new one shows up within a week or so. I'm not sure if a repeating infection is occurring or if a false positive is reported as Avast pushes updates. However, I would have thought that if this is a false positive resulting from an Avast push, it would occur more frequently - at least once a day - since Avast updates its definitions frequently.

Is this a false positive for a definition provided by Avast?

AdAware version: Ad-Aware Free Antivirus + version 10.0.185.3207
Avast version: avast! Free Antivirus 7.0.1456
OS: Windows 7 Home Premium SP 1, 64 bit

Scan log file and quarantine file are attached.

I haven't found reference to this particular finding in either Ad-Aware or Avast forums. Any comments or suggestions for further investigation would be appreciated.

Thanks.

Hi,

According to the VirusTotal multiscanner, this file (MD5: 4FDD4F9F3B99A2E1132D2DA8CFF63285) is detected by most AVs as Fake-AV:
https://www.virustotal.com/file/a29ab6b418794770c3353e09c6855eff7a9e7e740289aefb9b00f5c92fb8345a/analysis/

Alex,
Lavasoft Malware Lab

Thanks Alex,
So Ad-Aware real-time scanner is doing a great job since I have never encountered a single fake scare popup message.
Mark

Hi Mark,

You can read about the folder and file on http://forum.avast.com/index.php?topic=56153.0
Something that Avast creates while scanning.
