sporder.dll

Avast Free Antivirus / Premium Security
1

Hello,
Today, Avast started giving me the message:

Sign of “Win32:Agent-GEA [Trj]” has been found in “C:\WINDOWS\system\sporder.dll” file.

It happened right after I used Remote Desktop Application to log into a client’s PC, so at first, I thought it was their PC giving them the message, but then I realized it was mine.

I read on the internet that sporder.dll is necessary for many apps, so I don’t know what to do. What would you guys suggest?

Thanks,
Mike

2

Hello

Sumit the file to virustotal, it’s a multi engine online scanner. http://www.virustotal.com/xhtml/index_en.html

If avast is the only one detecting it, it probably is a false positive. In that case submit it to virus@avast.com, in a password protected zipped e-mail. Include in the e-mail, the password, why you think it is a fp, which version of avast and vps detected it and perhaps a link to this thread.

If it is a false positive, you can add the file to avast’s exclusion lists. For on access exclusion, left click the “a” icon near the clock, click on standard shield provider, customize button, advanced tab. For on demand scan exclusion, right click on the “a” icon, select program setting, exclutions. In either case use the browse feature to add the file. You can use wildcards.

3

Hi, thanks for the quick reply. I submitted the file to that link, and it took me to a page that said that 0 bytes were received. I had read that one thing sporder.dll was necessary for was the internet, so maybe the file is running when I try to submit it to that link, so it doesn’t upload it?

I did run an online scan of the System folder with Bit Defender’s online scan and eTrust online scanner, and it didn’t detect a virus.

Thanks,
Mike

4

It’s possible. Can you copy the file to, say your desk top, and submit it that way? You may have to rename the copy.

Btw, which provider detected the file? And what action did you take?

5

Hi, I took no action, because I read that after deleting the file, a lot of people had problems with the internet and other apps.

I’ll try your suggestions on submitting the file.

Thanks for all your help
Mike

6

No problem and welcome to the forum.

Yes,deleting should be the last course of action, 'cause when avast deletes, it deletes, no more chances. Moving to the chest is probably the best choice. From there further investigation can be done and files can be restored to their original place if found to be clean. Files cannot be run from the chest, it’s kinda like a safe place.

Let us know how you get along with this.

7

Hi, I renamed the file and copied to my desktop and submitted it. Man, VirusTotal is one of the best internet apps to come along in years - thanks for telling me about it! Woo hoo!

I am happy to say that Avast was the sole detector of said virus. I’ll zip it up and send to Avast now.

Thanks so much for your help!

Mike

8

Just check the file from time to time to see if avast has added it a vps udate.

Thanks for posting back.

9

This is an indication that you tried to upload a file in the virus chest (a protected area) so as oldman said you need to export a copy to a temporary location in order to be able to upload it to VT.

You can also send the sample file from within the avast chest, select the file, right click, email to Alwil Software. No need to zip and PW protect when the sample is sent from chest.