Many users are reaching out to us after their third-party antivirus detected a suspicious file tagged as FileRepMalware. Two third-party antivirus suites are known to detect this potential security threat: AVG and Avast. The issue does not seem to be specific to a certain Windows version, since it has been confirmed on Windows 7, Windows 8.1 and Windows 10.
What is FileRepMalware?
FileRepMalware is simply a tag that many third-party antivirus suites will assign to a file. It is often associated with a fraudulent KMSPico, a third-party tool used to activate Windows without having to purchase the OS. This security threat has been present for many years now; it was previously called Win32:Evo-gen [Susp].
In the case of Avast, a file will receive the FileRepMalware tag if all of the following conditions are met:
The file has not been added to the antivirus clean set.
The file is not signed by any publisher or does not rely on an AV signature.
The file is not prevalent enough – meaning that not enough users have tried to download, launch, or use the file yet.
Note: If we are talking about the DomainRepMalware tag, there is a fourth condition that needs to be met:
The domain is not common enough, which means that not enough users have downloaded files from that domain yet.
If the security threat is genuine, FileRepMalware is not the most dangerous malware out of the bunch. Security researchers are saying that the malware is only able to install adware on infected PCs and does not have Trojan capabilities.
Is the FileRepMalware Security Threat Real?
Many third-party antivirus suites have been known to mark this particular file as suspicious, but this does not mean that the threat is real. Avast and AVG are notorious for triggering false positives when analyzing files that are allegedly infected with the FileRepMalware virus.
Avast will assign the FileRepMalware tag to a file as a warning in situations where not many Avast users have downloaded, installed, or used the file. So while it doesn't say anything about how dangerous the file is, it gives you an idea of how popular the file is among other users.
In most cases, this tag is given to a file when it has a low reputation score. This usually happens with cracked applications, but can also occur with valid files due to a false positive.
If you suspect that you are dealing with a false positive, the fastest way to determine if the threat is real is to upload the file to VirusTotal. This malware aggregator will test the suspicious file with 50+ malware scanners to find out if the file is indeed infected.
To test the file with VirusTotal, go to this link (here), click on Choose File, then select the file that is being flagged by your third-party antivirus. Then, wait until the analysis finishes and review the result.
In this particular case, the file we analyzed is definitely not infected, because it is not being flagged by any of the security scanners used in the test.
As a rule of thumb, if the number of security engines that detect the file as infected is below 15, there is a very high probability that you are dealing with a false positive, even more so if the file in question is part of a crack or something similar.
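The rule of thumb above can be applied to a VirusTotal report programmatically. The following is an added example, not part of the original article: it hashes the flagged file (so it can be looked up by SHA-256 instead of uploaded) and classifies a VirusTotal API v3 file report against the 15-engine threshold. The report JSON is constructed sample data, EngineC and EngineD are placeholder engine names, and the "possible threat" label for 15 or more detections is an assumption, since the article gives no rule for that side.

```python
import hashlib
import json

FP_THRESHOLD = 15  # article's rule of thumb: below 15 detections, likely a false positive

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so it can be looked up by hash without uploading it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(report_json):
    """Classify a VirusTotal v3 file report using the article's threshold."""
    report = json.loads(report_json)
    if "error" in report:  # e.g. NotFoundError: no data for this hash, which is not "clean"
        return {"verdict": "unknown", "detections": 0, "total": 0, "engines": []}
    results = report["data"]["attributes"].get("last_analysis_results", {})
    flagged = sorted(
        name for name, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )
    if not flagged:
        verdict = "clean"
    elif len(flagged) < FP_THRESHOLD:
        verdict = "likely false positive"
    else:
        verdict = "possible threat"  # assumption: the article states no rule here
    return {"verdict": verdict, "detections": len(flagged),
            "total": len(results), "engines": flagged}

# Constructed sample report (not real scan data): 2 of 4 engines flag the file.
SAMPLE = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "Avast": {"category": "malicious", "result": "FileRepMalware"},
    "AVG": {"category": "malicious", "result": "FileRepMalware"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "undetected", "result": None},
}}}})
NOT_FOUND = json.dumps({"error": {"code": "NotFoundError", "message": "constructed"}})

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(NOT_FOUND))
```

A file with low prevalence, which is what triggers the FileRepMalware tag in the first place, is often unknown to VirusTotal as well, so an "unknown" result means the file still has to be uploaded and scanned before drawing any conclusion.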
How to remove FileRepMalware
If the VirusTotal scan above indicates that the file is indeed a security threat and not a false positive, you should take the appropriate steps to ensure that you completely remove the virus infection. To do this, you will need a reliable security scanner.
Based on our investigation and personal experience, Malwarebytes is one of the most reliable security scanners that can be used for free. Follow this article (here) to download and install Malwarebytes, then use it to perform a deep scan on your computer to ensure that any infected files are removed.
However, if the VirusTotal scan showed that the file is indeed a false positive, then you will need to take a different approach. If this scenario is applicable, you should be able to resolve the problem by updating your AV to the latest version. Typically, when a new file is incorrectly labeled with FileRepMalware, the next security update will whitelist the file so that the false positive does not occur again.
Whenever a new virus database signature is available, both Avast and AVG will automatically update. However, manual user modification or other third-party applications may prevent this capability. If you feel that your AV client does not update by itself, go to this link (here) for Avast or this one (here) for AVG to update your security suite to the latest version.
In the event that you still get the FileRepMalware false positive even after updating to the latest virus signature version, a quick way to solve the problem is to move to a different antivirus suite. Or better yet, uninstall the current third-party suite and start using the built-in security suite (Windows Defender).
If you decide to uninstall your current third-party suite, this article (here) will teach you how to do this quickly and efficiently without leaving behind any leftover files.