Avast! Detecting Thousands of ‘VBS:Malware-gen’ Threats

By Published February 22, 2017 at 7:54 am
  •  

GamersNexus received a tip from one of its readers regarding anti-virus utility Avast! detecting “VBS:Malware-gen” threats on seemingly random websites. We’ve independently corroborated this report and have encountered VBS:Malware-gen threat warnings on numerous sites, including Twitch.tv, Amazon, Reddit, and (at something of a random cycle) seemingly every other website. Upon running a scan of the system, Avast! will locate hundreds, if not thousands, of files which are allegedly infected by this VBS:Malware-gen threat. Some of these files include critical system .dlls and program files that will break major components of installs if quarantined or deleted. Do not begin deleting or quarantining files en masse as a result of this threat detection.

We are nearly fully confident that this is a false positive, though we’re not sure what precisely the issue is. A few forum posts have popped-up in the past few days regarding this issue, for instance:

It seems that an Avast VPS update (VPS 170222) has removed these threat pop-ups, which further lead us to believe most issues explained by users are false positives. Given the breadth and sheer quantity of allegedly infected files, this makes sense – Avast has been detecting thousands of files on some “infected” systems, all the way down to software-level errata (like Gimp or Photoshop) and to system DLLs.

To fix this problem, update to Avast! VPS 170222 or simply ignore the detected threats that meet these same conditions.

Note: Some users reported that AVG also encountered this. We are not sure if there is any relationship between AVG and Avast which may share definitions or updates.

Of course, it’s always possible that there is an infection on your system, but this newest wave of reports seems safe to ignore for the vast majority of those encountering the threat.

- Steve Burke

Steve Burke

Steve started GamersNexus back when it was just a cool name, and now it's grown into an expansive website with an overwhelming amount of features. He recalls his first difficult decision with GN's direction: "I didn't know whether or not I wanted 'Gamers' to have a possessive apostrophe -- I mean, grammatically it should, but I didn't like it in the name. It was ugly. I also had people who were typing apostrophes into the address bar - sigh. It made sense to just leave it as 'Gamers.'"

First world problems, Steve. First world problems.

We moderate comments on a ~24~48 hour cycle. There will be some delay after submitting a comment.

Advertisement:

  VigLink badge