High Threat: PEbiosinterface32.dll???

Hi!

On monday I started getting a high threat found on my computer when I do my daily scan with Avast 7 Free Antivirus. The file in question is PEbiosinterface32.dll and it is located in folder …\ASUS\AXSP\1.00.19\PEbiosinterface32.dll. Threat status is “Win32:Trojan-Gen” whatever that is.

I could not fix this threat so I did a complete wipe of my computer as it was needed anyway. But after installing my motherboard drivers and stuff from ASUS’s website I got the virus warning about a high threat again. Is this a false positiv or is this a valid threat?

The file PEbiosinterface32.dll a file used by ASUS Com Service? A windows service related to the Asus Motherboard Utilities? I tried newer version of this file aswell and got the same problem then.

What to do?

upload the file to www.virustotal.com and test with 40+ malware scanners
when you have the result, post the scan link here for us to see

if you have the file in chest, right click it and upload to avast lab as false positive

Thanks for the info…

Here is the result:

SHA256: 6dbe600a1c0e8c1aa839204c40acc73bc515582de60c750cac0aa2d40ce42e50
SHA1: 7c8077b9e3da3dc406f72c2a62a4c0f920d26d18
MD5: 70e4025947142cfbb40c6a28666368f4
File size: 29.5 KB ( 30208 bytes )
File name: PEbiosinterface32.dll
File type: Win32 DLL
Detection ratio: 5 / 43
Analysis date: 2012-10-03 13:31:05 UTC ( 0 minutter ago )
0
0
More details
Antivirus Result Update
Agnitum - 20121002
AhnLab-V3 - 20121003
AntiVir - 20121003
Antiy-AVL - 20121002
Avast Win32:Trojan-gen 20121003
AVG - 20121003
BitDefender - 20121003
ByteHero - 20120918
CAT-QuickHeal - 20121002
ClamAV - 20121003
Commtouch - 20121003
Comodo - 20121003
DrWeb - 20121003
Emsisoft - 20120919
eSafe - 20121002
ESET-NOD32 - 20121003
F-Prot - 20120926
F-Secure - 20121003
Fortinet - 20121003
GData Win32:Trojan-gen 20121003
Ikarus - 20121003
Jiangmin - 20121002
K7AntiVirus - 20121002
Kaspersky - 20121003
Kingsoft - 20120925
McAfee - 20121003
McAfee-GW-Edition - 20121003
Microsoft - 20121003
Norman - 20121003
nProtect - 20121001
Panda Suspicious file 20121002
PCTools - 20121003
Rising - 20120928
Sophos - 20121003
SUPERAntiSpyware - 20120911
Symantec - 20121003
TheHacker - 20121001
TotalDefense - 20121003
TrendMicro PAK_Generic.001 20121003
TrendMicro-HouseCall PAK_Generic.001 20121003
VBA32 - 20121002
VIPRE - 20121002
ViRobot - 20121003

as i said…post the scan link…makes it easier :wink:

https://www.virustotal.com/file/6dbe600a1c0e8c1aa839204c40acc73bc515582de60c750cac0aa2d40ce42e50/analysis/

anyway clicking the “additional info” did not reveal so much

have you uploaded it to avast lab ?

Sorry. New at this.

Here is the link: https://www.virustotal.com/file/6dbe600a1c0e8c1aa839204c40acc73bc515582de60c750cac0aa2d40ce42e50/analysis/

Yeah have uploaded it now.

Yeah have uploaded it now.
then it is just wait and see.....right click the file in chest and rescan tomorrow to see if it has been fixed when it is, you can restore it from chest...a copy will remain in chest...just in case ;)

ellers da…hvordan er været i nordheimsund ;D

Thanks!

Hehe! Blå himmel nå faktisk. :wink: Imponerende. Hva røpte meg?

IP :wink: hmm…plaske regn der jeg er nå, Oslo

Still no change on the file. I scanned it in the chest and still says Win32:Trojan-gen.

Norman lab say the file is clean

it is not infected Thanks

Files:
PEbiosinterface32.dll: Not Detected

Posibility there it is a false positive: http://systemexplorer.net/file-database/file/pebiosinterface32-dll/771095 &
http://www.backgroundtask.eu/Systeemtaken/taakinfo/129965/pebiosinterface32.dll/ &
http://www.isthisfilesafe.org/filename/PEbiosinterface32.dll_details.aspx &
http://f.virscan.org/PEbiosinterface32.dll.html
Probably a generic packer/crypter detection for a PUP

polonus

And now the file will be cleared so scanner wont pick it up again???

File PEbiosinterface32.dll is now cleared by Avast it seems.

Thanks!