Started my daughter’s PC for the 1st time in 3months and the latest AVAST Pro (Build: 4.8.1229 - VPS: 19/09/2008 080919-0) is showing that c:\windows\system32\athcfg11res.dll (Atheros WiFi adapter driver) has a Win32:Trojan-gen(other) and is preventing my Atheros WiFi adapter from running.

I have scanned again with TrendMicro HouseCall and Kaspersky online scanners and they do not find any Virus in any of the Windows directories. Is this likely to be a false positive? It’s preventing the machine from getting on the net.

rgds McDirt

HI,

at first, sorry for my bad English :-).

I have the same prob. on my Notebook. Is it possible that the last update had a bug?

Thx

Cyber

Most probably a false positive. They usually correct false positives very soon.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

Tech, many thanks for the reply. The problem still shows up after today’s Virus database update so sent the virus to VirusTotal (kewl) and it says that it is reported as a Virus by only AVAST!, GData & Ikarus and gives it a rating of 3/36. I take it that means it is almost certainly NOT a Virus.

I’ll send it to AVAST! for them to have a look at.

In the mean time, have added the file to the “ignore” list (thanks for the instructions) ad the machine now starts A OK 100%.

Thanks
rgds McDirt

Hi ,

I’ve got the same problem with my son computer, same error with :\windows\system32\athcfg11res.dll
for same Atheros Wifi adapter.

Could you provide me the instructions that we have to follow to add in “ignore list”?

Thanks

JM

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

avast and GData uses avast engine/virus database, so, most probably a false positive.
Ikarus has a lot of suspicious files either.

Thanks… wait for the next virus database update. Please, report back.

Good

See reply #2.

Hello,

I had the A0020304.dll come up yesterday in a very loud alarm that started me to death! LOL. I turned on my system today and Avast shows the athcfg11Res.dll. Both are listed in the scan as Trojans.

I am wondering if they are related and false as people are saying here? I have placed both in the virus vault, and everything is working fine. I never did get any interruptions in internet, or any weird suspicious behavior. Please if someone could let me know if these are indeed false positives or Trojans, as the program states? When I search the web, it says I have the win32 virus, to shut of system restore, delete a bunch of stuff from my registry, etc. etc. ad nauseum…

I just don’t want to go messing with all this if I am going to delete programs that I need later to get online. Any advice or help would be greatly appreciated! Thanks!

Do not believe all that stuff on the web especially from those selling various cleaners
look for reliable sources
Castle Cops
Major Geeks
PC Pitstop etc

The word on this detection should come shortly
for now not to panic

If you want something to do in the meantime run secunia software inspector and get up to date
and/or
go to MalwareBytes.org and run a malware bytes anti malware scan
post the log if it finds anything

chill