A couple of weeks ago I moved a virus to the chest. Then two days ago, I rescanned the virus in the chest and now the status is that it’s no longer a virus. Below is the information after the rescan.
Original file name: sporder.dll
Original folder: C:\WINDOWS\SYSTEM32
Category: Infected files
Virus description: No virus
Do I click the restore button or should I delete the file? Thanks, Megaman
sporder.dll could be a WinSock2 reorder service providers (a module associated with Windows 2000) or a Backdoor Trojan.Riler.B.
It is a system file that does NOT contain the malicious code but it’s used by the trojan in order to work.
Are you using Windows 2k? I have XP and don’t have this file in my computer…
Which other security applications do you use?
If you Google you’ll find some false positives related to sporder.dll.
I’m using XP and I installed Ad-Aware SE, Spybot-Search & Destroy, and CWShredder.
In a previous post, oldman said to restore it and supplied a website. I checked the website and it encouraged re-installation. Should I re-install sporder.dll? I was thinking of deleting it from the chest. Thanks, Megaman
With a file in the chest, if it were essential, your system could already be working in a negative way because the file isn’t where it should be and because the chest is a protected area; nothing can run inside there or access files stored there (other than avast).
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Eight days have passed, so should I restore them now or wait another six days? To be frank, I’m cautious about restoring the above files; I’d rather delete them instead. I’ve never restored a file from the chest. The ones that remained infected after two weeks I’ve always deleted - that’s understandable. But the ones that have changed to a “no virus” status I’ve deleted those too. Thanks, Megaman
I suggested a few weeks in my reply before rescanning them ‘in the chest’; the ones still infected should be fine to delete, but there is no requirement to do so. They can do no harm there and the longer you leave them, a month or more even, before rescanning and deletion if necessary.
There really is no rush; my suggestion of three weeks was basically to stop some people who would send something to the chest and virtually delete it from the chest right away. Had they left it there for a reasonable time, it might turn out to be declared no-virus on rescan.
The ones with no virus were most likely a false positive detection that has either been checked at virustotal or jotti and found that only avast detected it; that sample then got submitted as a possible FP and the VPS corrected. So you decide what to do; there shouldn’t be a problem in restoring those after further investigation.
I wouldn’t have worried about this one at all, as part of the C:\System Volume Information; I would probably have disabled system restore and rebooted, clearing ALL restore points. So I wouldn’t put it back, I would delete it.
You know what the purpose of the leaktest.exe was so there is no problem in restoring it, assuming you want to keep it.
sporder.dll: as Google searches found, there were multiple different hits, some saying it was a legit program, others that it may be malware; again, this would have been submitted and after analysis the VPS was corrected.