hi all, i ran a manual scan using avast 5 and it picked up this threat
avast! : File “C:\WINDOWS$NtServicePackUninstall$\termsrv.dll” is infected by “Win32:Malware-gen” virus.
“Quick scan” task used
Version of current VPS file is 101013-1, 10/13/2010

i checked the virus file using google but their are conflicting reports, some say that it is as a false/positive alert while others report it as a genuine virus file?
i hope i have done the right thing by moving the file into the virus chest?
i would be grateful if someone could offer some help/advice, firstly is it really a genuine virus or could it be a false/positive alert, secondly what actions should i take next?

my o/s is xp pro service pack 3
using avast5 defination 101014-0 version 5.0.667

just one other thing:- i ran the manual scan straight after downloading/installing the latest microsoft xp security updates 13/10/2010, prior to that my system had been reporting 0 infections. i dunno if it has any relevance to this issue, but i thought it might help?

thank you in advance

upload the file to www.virustotal.com and test it with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here

hi pondus, sorry but i cant seem to find avasts virus chest! where will the file be located?

As requested, this is the information virus total supplied

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: c29a5286e64d97385178452d5f307b98
Date first seen: 2009-03-31 15:54:23 (UTC)
Date last seen: 2010-10-14 10:19:06 (UTC)
Detection ratio: 0/43

File name:
termsrv.dll
Submission date:
2010-10-14 12:36:16 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)

This is weird ??? I restored the file C:\WINDOWS$NtServicePackUninstall$\termsrv.dll from the virus chest and uploaded it to VirusTotal results shown above.
Then I ran a full system scan using Avast but on this occassion the file wasn’t detected as a virus I’m now confused??? any ideas?

when you upload click the button reanalyse if it has been analysed before then copy the URL and post it here

Then I ran a full system scan using Avast but on this occassion the file wasn’t detected as a virus I'm now confused??? any ideas?

Hi Pondus, This is the URL http://www.virustotal.com/file-scan/report.html?id=aa8c01388ed42856b2791aa1a328b945ee06799dfa299ce0a14c33873385f5af-1287070430

The first scan was done with def 101013-1 virus detected!
The second scan which showed clean was done after avast had updated to def 101014-1

Thanks for your help!

I had the same threat (details from scan below) come up but only through a “boot-time scan”, then when I hit to delete it asked if I was sure because it was a windows file so I selected “move to chest” instead, but it then came back with “error:the system cannot find the file specified (2)”. Is this something to be worried about? I just did a bunch of Windows Auto updates recently and not sure if this had an effect? Please help!

File Name: C:\WINDOWS$NtServicePackUninstall$\termsrv.dll
Severity: High
Status: Threat:Win32:Malware-gen
Action: Move to Chest
Result: Error:The system cannot find the specified file (2)

I restored the file termsrv.dll after Avast had updated to defs 101014-1 I then ran a full system scan and the results showed clean ??? Maybe a more experienced member will be able to explain the virus-total analysis report? sorry mate I’m just a noob

Maybe a more experienced member will be able to explain the virus-total analysis report? sorry mate I'm just a noob