Only Avast marks unarj.dll as virus?! False positive? (solved)

Hi forum!

Today I scanned my HDDs with the latest Avast version, and in the WINDOWS directory of both Win98 and WinXP Pro it found the file unarj.dll infected with the Win16:WinError [Joke] virus.
For many years my computer has seemed to be absolutely clean, so I decided to scan the file again using VirusTotal and Jotti (see below). I couldn’t upload it to these services on WinXP (maybe due to my personal firewall or Avast scanner) so I did it on Linux. Moreover I wasn’t able to zip this DLL file in order to send it to Avast using WinXP’s own zip program. The error message was something like “Could not create zip file … the directory … is empty …”. I also don’t know which program the file belongs to.
I’d like to reliably find out whether the file contains a virus or not.

VirusTotal:

Complete scanning result of “unarj.dll”, received in VirusTotal at 11.05.2006, 14:23:29 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.05.2006 no virus found
Avast 4.7.892.0 11.03.2006 Win16:WinError
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.05.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.05.2006 no virus found
DrWeb 4.33 11.05.2006 no virus found
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.05.2006 no virus found
Fortinet 2.82.0.0 11.05.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.05.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 no virus found
VBA32 3.11.1 11.04.2006 no virus found
VirusBuster 4.3.15:9 11.05.2006 no virus found

Aditional Information
File size: 32784 bytes
MD5: f37b39a19c03fef0499af9078866b663
SHA1: 33c7c5a363fafa4f476d54591c8e27ea095b3601

Jotti’s malware scan 2.99-TRANSITION_TO_3.00-R1:

File: unarj.dll
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 f37b39a19c03fef0499af9078866b663
Packers detected:

Scanner results
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found Win16:WinError
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

You’ve given the answer: most probably, the avast scanner is blocking access to that file.

As a workaround, until the VPS is updated and corrected, for the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

Most probably, a false positive of avast.

I agree with Tech.

What exact version of arj do you have on both systems?
Since you speak about unarj.dll I guess it is the 32bit version.
Is this a legal version or a cracked one?

Hi!

Unfortunately, there is no version information. As I wrote, I’ve no idea where the file comes from. I’m only sure that it is not a cracked version or something like that.

The latest VPS (0646-2) doesn’t recognize a virus in it.

Thanks for reporting 8)