I tried putting it in the chest, I’ve tried deleting, but Avast at the end of the scan tells me it can’t due to wrong file type or something to that extent.
Malwarebytes, came up with nothing
Threatfire, came up with nothing
Superantivirus, came up with nothing
Spywaredoctor, listed a bunch of stuff but I’d have to pay to remove, So I don’t really trust that software.
Ad-aware, came up with nothing
I even used Eusing free registry cleaner but did not find anything listing AOsmtp.dll
If you have installed this AOSMTP.dll and you have ContactManager or Gecko Mail then the file is legit,
you can check up the dll against the information here: http://help.geckosoftware.com/support_forum/viewtopic.php?t=2537
In mentioned case this is a FP from avast av and you can make an exclusion for this dll, and wait until the FP is no longer there in a coming iAVS-update,
In other cases it is malcode and should be treated like described below:
Aosmtp.dll is Troj/Banker-DIO: re: http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankerdio.html
Related files:
%Temp%\data.inf
%System%\aosmtp.dll
%System%\azip32.dll
%System%\cshost.exe
%System%\cshost.ini
%System%\ijl11.dll
%System%\lovecard.scr
%System%\spooll.exe
Kill the file aosmtp.dll and remove aosmtp.dll from Windows startup.
To get a second opinion, you can check the flagged dll aosmtp.dll agsinst virustotal.com and report the results here to see if it is indeed a false positive,
Can you inform the file as being a false positive? (click on the bottom right of the virus warning message).
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
Hello, and thanks for the response! To my knowledge I never installed any aosmtp.dll. I also do not have gecko mail. I’m not sure what “contact manager” is, but if it is related to msn live, then I have that.
I also just downloaded and ran Trend micro hijackthis, but did not see anything listing aosmtp.dll. I have a log of it but would rather not post it out in the open. Could I send a message privately to you with the log?
In regards to the second response, I’ll look into what you have suggested right now. Thanks again!
Thanks for the avast specific addenda to the above postings, we should have a sticky for that to point out at, but you did that more or less with your links,
I’m not an expert on HijackThis… But you can check the automatic analysis of your HijackThis log here.
You can find more info in the links of the last column of this table.
That info could guide you on the cleaning process.
Anyway, if you have doubts, just post here.
Also, take a careful look at the first column of the table:
If you don’t recognize a legit program in one of the items marked as FIX IF UNKNOWN, please post it back here and maybe we can help you. Or, if you’re sure it’s a malware item, you can remove it as posted bellow.
If you agree with the automatic classification of the infected items marked as FIX (CHECK NOTES!), you can turn back to HijackThis program, check the box of this item and then remove it using the button ‘Fix checked’.
Hope it helps.
If you want to do it by yourself, click here to download HJTsetup.exe
[*]Save HJTsetup.exe to your desktop.
[*]Doubleclick on the HJTsetup.exe icon on your desktop.
[*]By default it will install to C:\Program Files\Hijack This.
[*]Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
[*]Put a check by Create a desktop icon then click Next again.
[*]Continue to follow the rest of the prompts from there.
[*]At the final dialogue box click Finish and it will launch Hijack This.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
[*]Come back here to this thread and Paste the log in your next reply.
[*]DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
End report when I tried to put in a chest or delete it…
c:\System Volume Information.…\AOSMTP.dll Infection:Win32 Trojan-gen{Other} Error occurred during moving file to chest: The operation is not supported for this file type of archive.
c:\System Volume Information.…\AOSMTP.dll Infection:Win32 Trojan-gen{Other} Error occurred during file deleting: The operation is not supported for this type of archive.
I double clicked on the System Volume Information folder and I got an access is denied pop up. I cant even upload it to allow one of those links to examine it. Windows wont let me.