my avast home 4.7 told me c:\windows\rundll32.exe contains sample of Win32:Trojan-gen. {Other}
Malware type: Virus/Worm
VPS version: 0625-1,2006/06/19.
So I took out my WIN98 orginal CD-ROM and extracted a new rundll32.exe to my windows. But still I got the same warning message. So I chose Repair. It showed repair sucessfully and I can open the control panel. But when I turned off my pc, it showed again. Personally I feel my pc is quite normal, nothing wrong. Is it possible a false alarm?
Firstly Trojans can’t be repaired (the repair prosess I fee shouldn’t have been available) as the complete conetnt is malicious, unlike an infected file where the infected part can be removed.
You could check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives and send a sample to avast so that it can be examined and if required correct the VPS file.
Well, it’s hard to say for sure without seing the real file, but I really doubt it’s a false alarm. If there were a false alarm in Win98 rundll32.exe, we would see an incredible number of reports (Win98 is still quite a popular system, so it would affect a significant number of users).
Are you completely sure about the filename? Some malware hide themselves by using a very similar filename to a system component… (for example, it could delete one ‘l’ character, or substitute one ‘l’ for the number 1 in the filename - rundl132.exe would look very similar).
Can you submit the file to Jotti or VirusTotal, as DavidR suggested?
Did you try to scan the original CD-ROM directly with avast!?
Tried the second scanner. Similar results. only avast said the same virus, and Fortinet found it suspicious(different from the result of the first engine).
No Problem, looks like a false positive detection.
If you can send the file to virus @ avast.com in a zipped password protected attachment with password in the body of the email with a subject of false positive (refer to the (Mini Sticky) False Positive link above).
Welcome to the forums.
Thank you all for your answers. I just sent out the email with the zip file.
Your welcome, hopefully that will help to improve the Generic signature ‘Win32:Trojan-gen’ that detected this. Periodically check the file after VPS updates when it is no longer detected you can remove it from the exclusions.