Suddenly today my antivirus is kicking out VBS:Malware-gen warnings and has quarantined boinc_mmap_file and FGRPopencl-nvidia-mav files.
These are the only files that seem to be affected. I was wondering if this is something purely on my end (I haven't downloaded or installed anything for quite a while) or if the files are coming down infected from the server.
Has anyone seen anything like this before?
Copyright © 2024 Einstein@Home. All rights reserved.
More information:
It seems that some antivirus apps are prone to false positives for this kind of malware. http://www.mac-forums.com/security-awareness/308434-mac-malware-vbs-malware-gen.html
Even so, I would prefer to check it out.
Boinc in general and the projects data should always be excluded from anti-virus and malware scans.
The easy answer is to exclude the Boinc set of directories, thereby eliminating any false positives; any REAL virus, though, will try to infect other parts of your PC and get caught.
I reported the files that got flagged to the vendor and they are analyzing them. One of the two came back all clear almost immediately, so it looks like a false positive.
I hope you are right that they are false positives!
Because two days ago I also got several warnings from my anti-virus program Avast (on my Mac).
Avast blocked the infections and placed them in the Vault.
Several files were infected, not only Einstein but also Seti@home files.
Other downloaded new tasks were not marked as infected, very strange!
Does anyone know something more about this subject? Please, a little help and explanation.
This kind of false positive flagging happens when the AV vendor introduces new signatures or uses a new heuristic. The malware name in this case (and many others) "VBS:Malware-gen" means that some heuristic classified the file as potential generic malware. Different vendors use different names but they usually call it gen or generic. The goal of those generic heuristics is to find new malware and develop a signature for it.
It is also possible that the content of the scientific data files resembles a malware signature or triggers these generic heuristics. That's the reason why some data files are marked as suspicious and some not.
If the files in question do not contain personal or sensitive information you can upload them to www.virustotal.com which checks them with several different AV scanners.
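The post above makes two practical points: a generic heuristic can fire on a data file that merely happens to contain a few script-looking byte sequences, and VirusTotal can be consulted without handing over a file that might hold something private. The script below is an added example written for this page, not code from Einstein@Home, BOINC or any AV vendor. It triages a quarantined file offline: it hashes the file so it can be looked up on VirusTotal by SHA-256 (no upload needed), counts printable-string runs, and searches for a small list of VBScript-typical tokens. That token list, the two-distinct-token threshold and both sample inputs are assumptions constructed for the example; real vendor heuristics are proprietary and far more involved, so a low score here is only a hint, not a verdict.

```python
"""Offline triage of a quarantined BOINC data file (added example, not project code)."""
import hashlib
import re
import sys
from dataclasses import dataclass, field
from typing import List, Tuple

# Tokens a VBScript-oriented heuristic might weight. This list is an assumption
# made for the example; real AV rules are proprietary and not reproduced here.
VBS_TOKENS = (
    b"WScript.Shell",
    b"CreateObject",
    b"Scripting.FileSystemObject",
    b"ADODB.Stream",
    b"Shell.Application",
    b"On Error Resume Next",
    b"Execute(",
)

# Runs of six or more printable ASCII bytes, roughly what `strings` reports.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")

# Assumed threshold: one accidental token in a binary blob is noise,
# two or more distinct tokens is worth a second look.
SCRIPT_LIKE_THRESHOLD = 2


@dataclass
class Triage:
    sha256: str
    size: int
    string_runs: int
    hits: List[Tuple[int, bytes]] = field(default_factory=list)  # (offset, token)

    @property
    def distinct_tokens(self) -> int:
        return len({tok for _, tok in self.hits})

    @property
    def script_like(self) -> bool:
        return self.distinct_tokens >= SCRIPT_LIKE_THRESHOLD

    @property
    def vt_url(self) -> str:
        # Hash lookup on VirusTotal; nothing from the file itself leaves the machine.
        return f"https://www.virustotal.com/gui/file/{self.sha256}"


def triage_bytes(data: bytes) -> Triage:
    """Hash the content, count printable runs, and record every token occurrence."""
    t = Triage(
        sha256=hashlib.sha256(data).hexdigest(),
        size=len(data),
        string_runs=len(PRINTABLE_RUN.findall(data)),
    )
    for tok in VBS_TOKENS:
        start = 0
        while True:
            i = data.find(tok, start)
            if i < 0:
                break
            t.hits.append((i, tok))
            start = i + len(tok)
    t.hits.sort()
    return t


def triage_file(path: str) -> Triage:
    with open(path, "rb") as f:
        return triage_bytes(f.read())


# Constructed sample 1: a pseudo-binary science file with one accidental token.
SCIENCE_SAMPLE = (
    bytes(range(256)) * 4
    + b"HEADER freq=1234.5 segment=constructed\n"
    + b"Execute("
    + bytes(range(64))
)

# Constructed sample 2: a short VBScript dropper-style text (harmless, never run).
SCRIPT_SAMPLE = (
    b"On Error Resume Next\r\n"
    b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'
    b'Set sh = CreateObject("WScript.Shell")\r\n'
    b'sh.Run "cmd /c echo constructed sample", 0, True\r\n'
)


def report(t: Triage) -> str:
    lines = [
        f"sha256={t.sha256}  size={t.size}  printable_runs={t.string_runs}",
        f"vt lookup: {t.vt_url}",
        f"script-like: {t.script_like} ({t.distinct_tokens} distinct tokens)",
    ]
    lines += [f"  offset {off}: {tok.decode()}" for off, tok in t.hits]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python triage.py /path/to/quarantined/file ...  (no args: run the samples)
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p); print(report(triage_file(p)))
    else:
        for name, blob in (("science", SCIENCE_SAMPLE), ("script", SCRIPT_SAMPLE)):
            print(name); print(report(triage_bytes(blob)))
```

Run it against the quarantined copies (most AV products let you restore or export a vaulted file to a scratch directory first). For the constructed science sample the only hit is a lone `Execute(` inside otherwise binary content, which is the accidental-resemblance case from the post; the script sample trips four distinct tokens. Either way, pasting the printed SHA-256 URL into a browser shows whether other engines have already seen that exact file, which is usually the quickest way to confirm a false positive.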