Hi.
I’ve been using Samurize for a couple of years and never had a problem between it and Avast. But with the 2nd April update from the virus database I get the following error when starting my windows session:
02-04-2007 14:37:41 1175521061 SYSTEM 1496 Sign of "Win32:Banload-BFA [Trj]" has been found in "C:\Programas\Samurize\plugins\CPUtemp.dll" file.
I won’t allow me to start the CPU Temperature plugin that I’ve been using since ever. In case you don’t know, Samurize is a free advanced system monitoring and desktop enhancement engine for Windows and a display for system information, weather reports, news headlines and more.
I truly believe this is a false positive and I would like to know if it can be fixed in the next database update.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
I have this from http://virusscan.jotti.org/
Well, if eight more anti-virus companies say it’s a virus, then who am I to say the opposite?
I just wished they said exactly what it does, because my computer has nothing else wrong. No weird internet access from unknown programs, no extra cpu activity, no programs being installed automatically, no stolen accounts. Sigh… I just want my cpu temperature reading back, and that dll was the most direct way to do it without third-party programs running in the background. And for free
File: CPUtemp.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 ada2f2ea22176e98022b62dfbd47e34b
Packers detected:
PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
Scan taken on 03 Apr 2007 13:48:09 (GMT)
AntiVir
Found TR/PSW.Yahoospy.D
ArcaVir
Found nothing
Avast
Found Win32:Banload-BFA
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Pws.Yahoospy.D
ClamAV
Found Trojan.Yahoospy-2
Dr.Web
Found Trojan.PWS.YahooSpy
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found Dloader.P!tr
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found W32/DLoader.ALOF
Panda Antivirus
Found nothing
Rising Antivirus
Found Trojan.DL.Agent.xrq
VirusBuster
Found nothing
VBA32
Found Trojan.PWS.YahooSpy
I have already see that Samurize is detected as infected. Even the setup installer file was detected as being infected. Maybe it’s a malware, or a riskware… There are other applications to change for free and clean 8)
@ joaomt
Well avast isn’t alone in alerting, but the fact that it would appear to use three different packers may cause misidentification.
As Tech said there are other applications that can show cpu temperatures, but the choice is yours, it is your system and you can choose to exclude scans on that dll, see my first reply.
I would advise some google searches for the malware names (and cputemp.dll) to see what the symptoms and indications are of these and check if there are any associated registry entries, files or symptoms.
