Avast detected the DSCE Demo virus on my wife’s system. It was in the file riched32.dll that belongs in the C:\Windows\System32 folder. The file riched32.dll got sent to the Virus Chest. It did pop up a window that said that a system file had changed and to insert the Win XP CD at the same time the virus was detected. My question is: do I need to replace this file, as it appears to be missing? From what I found out with a Google search, it is a Rich Text Editor file that is a wrapper for riched20.dll, whatever that means. Any input would be greatly appreciated. Thanks!!
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
FWIW … avast scanning of the riched32.dll and riched20.dll in the C:\Windows\System32 folder of my system reports no virus found.
Interesting. I have just done my weekly on-demand scan and no detections; I have just done a quick scan of both files also and no detections.
I think I will try to locate the file riched32.dll on the XP CD and put it in the C:\Windows\System32 folder. My wife tried to open a Picture it Publishing file and said she received a message about putting in the CD for Picture It, but she said she could open this file without the CD in the past. I’m still not sure what actually went on with the whole deal. She received a .wps document in an email when this took place. Thanks for the input, I appreciate it very much.
I copied the riched32.dll from my system over to hers and all seems fine now!!
From what I read about the DSCE Demo, it is quite an old virus. I wonder how it slipped through detection during the email scanning of avast?? Oh well, I’m just thankful it caught it later. I still think avast is great and Number 1!! ;D