C:\Acer\Empowering Technology\eRecovery\Autorun\ACER\TOOLS\SHELEXEC.EXE

My antivirus (Avira) picked this file up as a virus today (Trojan - TR/Dropper.Gen) and shoved it into the Quarantine area.

Normally I would just delete anything that comes up suspicious, but I'm a little worried about this one because it was found in my eRecovery folder and so could be important if I want to reformat at some point. Has anyone else had recent reports about this file - if so I guess it is a "false positive".

I have Avira Free, set to highest level of detection.

 

I had avast pick this up once. I just deleted it.

never had any use for empowering technology.

 

I had the same situation which also cropped up today.

Altho' I bought my Acer Aspire 5920 in July of this year (almost 3 months) and have been running Avira Anti Vir every week since then, today it produced exactly the same indication for a TR/Dropper.Gen Trojan in Acer Empowering eRecovery.

My first reaction was to quarantine it but as I have made a back up using the Acer eRecovery function I got worried that it might be needed in the future. I therefore restored it - in doing so I got the same warning as before but this time just ignored it.

Because of the circumstances I am treating it as a false positive but it would be re-assuring if some-one knowledgeable could confirm this.

Hope to hear something more definite !!

Many thanks !!

 

I think the file is safe, check ShelExec v1.17. Apparently it's an application used to call ShellExecute API. It can be used to create and customize "autorun" of a CD/DVD.

For example:

An autorun.inf file, with code like the above, burnt onto a CD/DVD, will launch index.html file as soon as the CD/DVD is loaded..

Now check the path of the OP:

 

"Bill", many thanks for your helpful response.

I am sure you are correct in saying the file in question is safe as I have now had the opportunity to scan my laptop with several different anti-malware programs with clean results.

Its fantastic that the top MS man is taking the time and trouble to help an ordinary Windows user !! I think you are genuinely really important !! And are you enjoying your holiday in Spain !!

Sorry for my peculiar sense of humour and thanks again !!

 

Hahahah at first when I started to read your post I was like "Wooh man what the...?"

No worries, glad to help

 

For the benefit of dannywanny and any others who use Avira Anti Vir, please have a look at the posting I initiated on the Avira forum about this False Positive (FP).

Unfortunately I am not allowed to provide you with a direct link as an URL but you will see the post today.

I am in the process of sending details to the Avira lab so they can fix the problem in one of their updates.

Meantime the file can be added to the exceptions list for scans using the procedure described in the Avira moderator's post. This will prevent the irritation of future unnecessary FP warnings.

 

Thanks all for your help ... it sounds as though we were safe all along, but better to ask around

I can't find your post on the Avira forums - only posts in German. I'll post again if I suddenly find it, but could you give me the name of the topic for example? Cheers

 

Hi dannywanny

Unfortunately for some reason the Avira forum has a system which prevents anyone from posting URLs unless they have accumulated at least 15 posts so I can't give you a direct link.

The title of the relevant post is:

False Positive for TR/Dropper.gen Trojan on C:\Acer\Empowering Technology\eRecovery\Autorun\ACER\TOOLS\SHELEXEC.EXE

It appears under the section Avira Support Forum > Anti Vir Personal - Free Anti Virus > Anti Vir Personal for Windows

If you google Avira Support Forum False Positive Dropper it appears as the 2nd item from the top.

I'm glad you made the first post on the Acer forum about this problem as it helped alleviate my worries as I had previously used the eRecovery function to make a back up and was reluctant to simply quarantine or delete the file in case I needed it later.

 

Ok thanks - found your post!

My file is still in quarantine and I will keep rescanning it until Avira updates the definitions so that it says it is finally clean!

Has your Avira recognised it as clean yet? My program updated twice today, but still no success... lol

 

I added the file to the exceptions list for Avira scanning.

With all the new viruses etc identified daily, I think it may take a few days for this FAlse Positive to work its way into the Avira update system especially as I only notified them late last night and since the weekend intervenes.

Will therefore remove the file from exceptions around middle of next week and conduct a scan to see what happens.

Meantime it will perhaps do no harm for you to also notify the Avira lab of the False Positive to make sure my identification does not get "lost" somewhere in Germany !!

The procedure for notifying the FP to the Avira lab is descibed in the Avira moderator's post and only takes a minute or two.