Hi,
Almost direct after a update from AV anti virus i got when i started World of Warcraft i got the following virus detect message: D:\1 Spellen\World of Warcraft\Scan.dll.new.
Win32:Trojan-gen {Other}
VPS versie 081028-0, 28-10-2008
I think this is a false positive.
Maybe some one can look into this.
File: Scan.dll
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 2b86bc28a32426105b6d7b8cbc5fabc1
Packers detected:
PE_PATCH.UPX, UPX
Scanner results
Scan taken on 28 Oct 2008 17:42:23 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:Trojan-gen {Other}
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
Being super paranoid I could really use some confirmation if this is a false positive going on here – I certainly believe it is but like I said, paranoid…
Although it is the same file name that isn’t a guarantee that it is the same file, though it is highly likely.
The one uploaded to virustotal by Kinder certainly seems so and Kinder should send a sample to avast.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
This file has not been recently added or modified, it was never identified until after Avast! received an update this morning, to help add to the context.