Some people have reported problems after their antivirus programs found a potentially threatening file called “FileRepMalware”.
Avast and AVG seem equally likely to pick up this suspicious file, and it has happened on various Windows platforms, including Windows 7, 8.1 and 10.
The word ‘malware’ is never reassuring in a file name, but FileRepMalware is just a tag that some antivirus programs allocate to files.
It is frequently linked with a third-party tool called KMSPico, which can activate Windows without having to buy the operating system. This threat has been around for a few years and used to be known as Win32:Evo-gen[Susp].
When does FileRepMalware occur?
If you are using Avast antispyware, you will see a file with this tag if all these conditions are met:
- The file hasn’t been added to the Antivirus cleanset.
- The file isn’t signed by any publisher or the antivirus program does not trust the signature.
If you are seeing the DomainRepMalware tag, then there is a fourth condition too, which is:
- The file isn’t well known, which means only a few users have tried to download, launch or use the file.
If it turns out to be a real security threat, then FileRepMalware isn’t too bad compared to some others.
This malware can only install annoying adware and can’t operate as IDP viruses (Trojan) or perform identity theft etc.
Is FileRepMalware Dangerous?
Just because an antivirus program flags a file as being suspicious doesn’t mean it really is. AVG and Avast are especially notorious for giving many false positives when analyzing files which might have the FileRepMalware virus.
If very few users have downloaded or installed or used a file, then Avast will give the file the FileRepMalware tag as a warning.
This tells you about how popular that particular file might be (or not be) but doesn’t say much about its safety.
If this tag is allocated, it might be because the file has a poor reputation score. This can happen with a cracked app but it can also be a false positive by a legitimate file.
How To Know If FileRepMalware Is A Real Threat?
So how can you tell if it is a real threat or a false positive?
The simplest way is to go to the VirusTotal website and upload the file in question (the file will then be tested with more than fifty malware scanners to find out if it is infected or safe).
- Navigate to VirusTotal and click on “Choose file”.
- Upload the suspicious file which your antivirus program flagged.
- Wait for the malware aggregator to show the results.
Typically if fewer than 15 security engines say the file is infected, it is likely you have a false positive, especially if the file is part of an application crack or something else like that.
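The same check can be scripted. This is an added example, not part of the original article: it assumes the VirusTotal API v3 file-report endpoint and its `last_analysis_stats` / `last_analysis_results` fields, looks the file up by SHA-256 hash instead of uploading it, and applies the 15-engine rule of thumb from the text. The sample report and its engine labels are constructed.

```python
import hashlib
import json
import urllib.error
import urllib.request

THRESHOLD = 15  # rule of thumb from the text: fewer detections suggests a false positive

def sha256_of(path):
    """Hash the flagged file so it can be looked up without uploading it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def fetch_report(sha256, api_key):
    """Fetch the file report; returns None when VirusTotal has never seen the hash."""
    req = urllib.request.Request(
        "https://www.virustotal.com/api/v3/files/" + sha256,
        headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:  # unknown hash: no verdict either way
            return None
        raise

def triage(report, threshold=THRESHOLD):
    """Count engines that call the file malicious and collect the labels they gave."""
    if report is None:
        return {"verdict": "unknown to VirusTotal", "malicious": 0, "labels": {}}
    attrs = report["data"]["attributes"]
    malicious = attrs["last_analysis_stats"].get("malicious", 0)
    labels = {name: r.get("result")
              for name, r in attrs.get("last_analysis_results", {}).items()
              if r.get("category") == "malicious"}
    verdict = "likely false positive" if malicious < threshold else "treat as real threat"
    return {"verdict": verdict, "malicious": malicious, "labels": labels}

# Constructed sample report (not real scan data): two reputation-only detections.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 63},
    "last_analysis_results": {
        "Avast": {"category": "malicious", "result": "FileRepMalware [Misc]"},
        "AVG": {"category": "malicious", "result": "FileRepMalware [Misc]"},
        "EngineC": {"category": "undetected", "result": None}}}}}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A `None` report means the hash has never been submitted, which matches the low-prevalence condition behind the tag and says nothing about whether the file is safe.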
How to Remove FileRepMalware?
Did the VirusTotal scan show you have a genuine threat instead of a false positive? If so, you will need to make sure the virus is completely eradicated.
You will need a security scanner for this, preferably a reliable one.
Malwarebytes is an example of a reliable scanner and you can get it for free. Once installed, you should run a Deep Scan which will remove the infected files.
If your VirusTotal scan showed the file is a false positive, then you should simply update your antivirus.
When a file gets labeled wrongly with FileRepMalware, it will be whitelisted in the next update. That way, the false positive will not show up again.
AVG and Avast both update automatically if there is a new virus database signature. Sometimes, though, a third-party app or manual user mod can stop this from happening, in which case you will need to update the security suite manually.
If you find you are still getting these false positives even after updating your AV program, you might want to change over and try a different antivirus program.