system
1
Yesterday I started getting reports that winsrv.dll is infected with WIN32:Malware-gen. If I manually scan the file it says it is OK, but the real time shields report this virus, and automatically move it to the Virus Chest.
I am quite sure this is an uncorrupted file as distributed by Microsoft.
Pondus
2
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/
system
3
Pondus
4
it may be that they are on different updates…one does not have the latest yet ???
The file is more than 2 months old at VT
First seen: 2011-08-09 17:48:02
Last seen : 2011-10-24 13:53:09
sigcheck:
publisher…: Microsoft Corporation
copyright…: (c) Microsoft Corporation. All rights reserved.
product…: Microsoft_ Windows_ Operating System
description…: Windows Server DLL
original name: winsrv.dll
internal name: winsrv
file version.: 5.1.2600.6125 (xpsp_sp3_gdr.110620-1711)
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
Pondus
5
If you want an analysis result you can upload to Avira or Sophos…or both, then you receive the result by mail
Avira http://analysis.avira.com/samples/
Sophos https://secure.sophos.com/support/samples
system
6
I’m confident the file is clean.
Avast needs to correct their detection.
igor0
7
The detection has not been there for a while already - please make sure you’re using the latest definitions.
system
9
Igor:
The problem was happening with the definitions which were current yesterday. However, when I tried today, it seems to be OK - not flagging as infected.
As noted, when I scanned the file it showed as being not infected. However, when accessing the file with Real Time Shields enabled, it would quarantine it. (My shield settings may be more strict than the default.)
It looks like the problem was fixed in today’s release. If it occurs again, I will re-post.
Thanks.