Several users have been reaching out to us with questions after their 3rd party antivirus detected a suspicious file labeled FileRepMalware. Two 3rd party antivirus suites are known to report this potential security threat: AVG and Avast. The issue doesn’t seem to be specific to a certain Windows version, since it’s confirmed to occur on Windows 7, Windows 8.1 and Windows 10.
What is FileRepMalware?
FileRepMalware is simply a tag that several 3rd party antivirus suites will assign to a file. It’s often associated with a fraudulent KMSPICO, a 3rd-party tool that is used to activate Windows without purchasing the OS. This security threat has existed for several years now; it was previously called Win32:Evo-gen [Susp].
In Avast’s case, a file will receive the FileRepMalware tag if all of the following conditions are met:
- The file is not added to the Antivirus cleanset
- The file is not signed by any publisher or the AV doesn’t trust the signature.
- The file isn’t prevalent enough – meaning that not enough users have tried to download, launch or use the file yet
Note: If we’re talking about the DomainRepMalware tag, there’s a fourth condition that needs to be met:
- The domain is not prevalent enough – meaning that not enough users have downloaded files from that domain yet
If the security threat is real, FileRepMalware is not the most dangerous malware out of the bunch. Security researchers are saying that the malware is only capable of installing adware on the infected PC and has no trojan capabilities.
Is the FileRepMalware security threat real?
Several 3rd party antivirus suites are known to flag this particular file as suspicious, but that doesn’t mean that the threat is real. Avast and AVG are notorious for triggering a lot of false positives when it comes to analyzing files that are supposedly infected with the FileRepMalware virus.
Avast will assign the FileRepMalware tag to a file as a warning in situations where not many Avast users have downloaded, installed or used the file. So while it doesn’t say anything about how dangerous the file is, it gives you an idea of how popular the file is among other users.
In most cases, this tag is given to a file when it has a low reputation score. This typically happens with cracked applications but can also occur with legitimate files due to a false positive.
If you suspect that you might be dealing with a false positive, the quickest way to determine whether the threat is real is to upload the file to VirusTotal. This malware aggregator will test the suspicious file with 50+ malware scanners to figure out whether the file is actually infected or not.
To test the file with VirusTotal, visit this link (here), click on Choose file, then select the file that is being flagged by your 3rd party antivirus solution. Then wait until the results are displayed.
In this particular case, the file that we analyzed is certainly not infected since the file is not being flagged by any security scanners used on the test.
As a rule of thumb, if the number of security engines that detect the file as being infected is below 15, there’s a very high chance that you’re dealing with a false positive – This is even more likely if the file in question is part of a crack or something similar.
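The triage described above can also be done offline on a saved report. The following is an added example, not code from this article or from VirusTotal: it hashes the flagged file so it can be searched by hash, then reads a VirusTotal API v3 file report saved as JSON, applies this article's 15-engine rule of thumb, and separates the reputation tags named in this article from other detections. The sample report and the engine names ending in C and D are constructed.

```python
import hashlib
import json

# Labels this article describes as reputation tags, not malware family names.
REPUTATION_LABELS = ("filerepmalware", "domainrepmalware", "evo-gen")
FALSE_POSITIVE_THRESHOLD = 15  # the article's rule of thumb, not a VirusTotal value


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks; the digest can be searched on VirusTotal."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(report):
    """Summarise a parsed VirusTotal v3 file report."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {
        engine: (entry.get("result") or "")
        for engine, entry in results.items()
        if entry.get("category") in ("malicious", "suspicious")
    }
    reputation_only = sorted(
        engine for engine, label in flagged.items()
        if any(tag in label.lower() for tag in REPUTATION_LABELS)
    )
    return {
        "engines_total": len(results),
        "engines_flagging": len(flagged),
        "reputation_only": reputation_only,
        "other_detections": sorted(set(flagged) - set(reputation_only)),
        "verdict": "likely false positive"
        if len(flagged) < FALSE_POSITIVE_THRESHOLD
        else "treat as a possible real threat",
    }


# Constructed sample report (not real scan data); engines C and D are placeholders.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "Avast": {"category": "malicious", "result": "FileRepMalware"},
  "AVG": {"category": "malicious", "result": "FileRepMalware"},
  "ExampleEngineC": {"category": "undetected", "result": null},
  "ExampleEngineD": {"category": "type-unsupported", "result": null}
}}}}
""")

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

An empty other_detections list means every engine that flagged the file used only a reputation tag, which matches the false-positive pattern described in this section.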
How to Remove FileRepMalware
If the VirusTotal scan you did above revealed that the file is actually a security threat and not a false positive, you should take the appropriate steps to ensure that you remove the virus infection completely. To do this, you’ll need a reliable security scanner.
Based on our investigations and personal experience, Malwarebytes is one of the most reliable security scanners that can be used for free. Follow this article (here) to download & install Malwarebytes and use it to perform a Deep Scan on your computer to ensure that any infected files are removed.
However, if the VirusTotal scan revealed that the file is indeed a false positive, you’ll need to take a different approach. If this scenario is applicable, you should be able to resolve the issue by updating your AV to the latest version. Typically, when a new file is falsely labeled with the FileRepMalware tag, the next security update will whitelist the file so that the false positive doesn’t occur again.
Both Avast and AVG will update automatically whenever a newer virus database signature is available. However, a manual user modification or another 3rd party application might inhibit this ability. If you notice that your AV client doesn’t update by itself, visit this link (here) for Avast or this one (here) for AVG to update your security suite to the latest version.
In the event that you still get a false positive with the FileRepMalware tag even after updating the virus signature version to the latest, a quick way to resolve the issue is to move to a different antivirus suite. Or better yet, uninstall the current 3rd party suite and start using the built-in security suite (Windows Defender).
If you decide to uninstall your current 3rd party suite, this article (here) will teach you how to do this fast and efficiently without leaving behind any leftover files.