This thing popped up and Avast said it found a trojan. Is this a real one or a FP?
Virus has been detected!
File Name: UISysRest.dll
FileID: 4
Virus Description: Win32:Startpage-210 [Trj]
I had the same “Trojan” warning pop up on my machine. I notice that we have some security software in common, specifically Prevx1 and the former Ewido, now AVG-AS. In fact, the warning occurred while I was installing some new Prevx software. That install seems to have happened without any corruption. I really don’t know what the connection is. Any ideas?
Haven’t had any trojan warning. Checked my system (XP home, SP2) and looked at sys32… UISysrest.dll is not present, which means it could be something nasty, or something valid but specific to your OS’s I guess. Google doesn’t know either.
Mine came up during the Prevx update as well. I have a feeling it's a FP.
Feelings can be wrong and, without information, hard to confirm. My feeling is you treat it as infected until you positively confirm it isn’t. And since a Google search for that file name (unless there are any typos) returns no hits, it makes me even more suspicious.
Where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
What options did the pop-up give: Abort Connection (Web Shield detection only), or multiple options (Send to chest, Repair, Delete, etc.)?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
I chose to remove the flagged item—it seemed like the prudent option. My warning stated that the Trojan was located in a temp file with a (very) long name, but I think the key element in the string was “Sfx1.tmp”. Could this have been a “dummy” signature used for internal testing? If so, it wouldn’t really be a False Positive, would it? I must say that I’m impressed that Avast beat Ewido/AVG to the punch on this one, given that Ewido was once a dedicated Anti-trojan program.
Doesn’t sound like a dummy, but rather a temporary file created by an installer or SFX archive (I mean, file used for installation purposes… the installer engine, or something like that).