What is FileRepMalware and should you remove it?


Several users have come to us with questions after their third-party antivirus detected a suspicious file called FileRepMalware. Two third-party antivirus suites are known to report this potential security threat: AVG and Avast. The problem does not appear to be specific to a certain version of Windows, as it has been confirmed to occur in Windows 7, Windows 8.1 and Windows 10.

Figure: Example of FileRepMalware threat removed by AVG

What is FileRepMalware?

FileRepMalware is simply a label that various third-party antivirus suites will assign to a file. It is often associated with a malicious KMSPICO, a third-party tool used to activate Windows without purchasing the operating system. This security threat has existed for several years. It was previously called Win32:Evo-gen [Susp].

In the case of Avast, a file will be tagged as FileRepMalware if all of the following conditions are met:

  • The file has not been added to the antivirus's clean set (its list of known-clean files).

  • The file is not signed by any publisher or the AV does not trust the signature.

  • The file is not prevalent enough, which means that not enough users have tried to download it, start it or use it yet.

Note: If we are talking about the DomainRepMalware tag, there is a fourth condition that must be met:

  • The domain is not prevalent enough, which means that not enough users have downloaded files from that domain yet.

If the security threat is real, FileRepMalware is not the most dangerous malware of the bunch. Security researchers say that the malware is only capable of installing adware on the infected PC and has no Trojan capabilities.

Is FileRepMalware's Security Threat Real?

Various third-party antivirus suites have been known to flag this particular file as suspicious, but that doesn't mean the threat is real. Avast and AVG are known to generate many false positives when it comes to scanning files supposedly infected with the FileRepMalware virus.

Avast will assign the FileRepMalware label to a file as a warning in situations where not many Avast users have downloaded, installed or used the file. So, although the label says nothing about how dangerous the file is, it gives you an idea of how popular the file is among other users.

In most cases, this tag is assigned to a file when it has a low reputation score. This usually happens with cracked applications, but it can also happen with legitimate files as a false positive.

If you suspect you may be dealing with a false positive, the quickest way to determine if the threat is real is to upload the file to VirusTotal. This malware aggregator will scan the suspicious file with more than 50 malware scanners to find out if the file is really infected or not.

To test the file with VirusTotal, visit this link (here), click on Choose file and then select the file that is being flagged in your third-party antivirus solution. Then wait until the scan finishes and review the results.

Figure: No threats detected with VirusTotal

In this particular case, the file we are analyzing is not infected, as no security scanner used in the test marks it.

As a general rule, if the number of security engines that detect the file as infected is less than 15, there is a very high probability that it is a false positive; this is even more likely if the file in question is part of a crack or something similar.
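The rule of thumb above can be applied to a saved VirusTotal report programmatically. The following is an added example, not part of the original article: it assumes the VirusTotal API v3 JSON layout (`data.attributes.last_analysis_results`), hashes the file locally so an existing report can be looked up by hash, and uses a constructed sample report with placeholder engine names.

```python
import hashlib

# The article's rule of thumb: fewer than 15 detecting engines suggests a false positive.
FALSE_POSITIVE_THRESHOLD = 15
# Reputation-style labels named in the article; they reflect prevalence, not behaviour.
REPUTATION_LABELS = ("filerepmalware", "domainrepmalware", "evo-gen [susp]")
COUNTED = ("malicious", "suspicious", "undetected", "harmless")

def sha256_of(path, chunk=1 << 20):
    """Hash a file locally so its report can be looked up without uploading it."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(report):
    """Summarise a parsed VirusTotal v3 file report using the article's threshold."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {engine: (res.get("result") or "")
               for engine, res in results.items()
               if res.get("category") in ("malicious", "suspicious")}
    # Engines that timed out or do not support the file type are not counted.
    engines = sum(1 for res in results.values() if res.get("category") in COUNTED)
    reputation_only = sorted(e for e, label in flagged.items()
                             if any(tag in label.lower() for tag in REPUTATION_LABELS))
    if not flagged:
        verdict = "clean"
    elif len(flagged) < FALSE_POSITIVE_THRESHOLD:
        verdict = "probable false positive"
    else:
        verdict = "likely malicious"
    return {"detections": len(flagged), "engines": engines,
            "reputation_only": reputation_only, "verdict": verdict}

# Constructed sample report (not real scan data); EngineA..C are placeholder names.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Avast": {"category": "malicious", "result": "FileRepMalware"},
    "AVG": {"category": "malicious", "result": "FileRepMalware"},
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

When every detection appears in `reputation_only`, the report contains only prevalence-based labels, which matches the false-positive pattern the article describes.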

How to remove FileRepMalware

If your previous VirusTotal analysis revealed that the file is indeed a security threat and not a false positive, you need to take appropriate measures to ensure that the virus infection is completely removed. To do this, you will need a reliable security scanner.

Based on our research and personal experience, Malwarebytes is one of the most reliable security scanners that can be used for free. Follow this article (here) to download and install Malwarebytes and use it to perform a deep scan on your computer to make sure infected files are removed.

Figure: Running the scan on Malwarebytes

However, if the VirusTotal analysis revealed that the file is actually a false positive, you will have to take a different approach. If this scenario is applicable, you should be able to solve the problem by updating your AV to the latest version. In general, when a new file is falsely tagged with FileRepMalware, the next security update will whitelist the file so the false positive doesn't happen again.

Both Avast and AVG will update automatically when a new virus database signature is available. However, a manual modification by the user or another third-party application could inhibit this ability. If you find that your AV client does not update itself, visit this link (here) for Avast or this one (here) for AVG to update your security package to the latest version.

Figure: Download AVG updates

In the event that you keep getting a false positive with FileRepMalware even after updating your virus signature version to the latest, a quick way to solve the problem is to switch to a different antivirus. Or better yet, uninstall the current third-party suite and start using the built-in security suite (Windows Defender).

If you decide to uninstall your current third-party suite, this article (here) will teach you how to do it quickly and efficiently without leaving any leftover files.
