I am running XP on a Toshiba notebook. Today, when my system returned from suspend state, Avast warned me that it found a virus: “TDispVol.dll” in C:\WINDOWS\system32 and asked me what to do with it. I told it to put it in the chest. I then made Avast run an entire thorough system check on all hard drives for virus and it found nothing else.
Further investigation on the web shows that “TDispVol.dll” in C:\WINDOWS\system32 is a normal file on Toshiba notebooks. So, is Avast flagging of TDispVol.dll an error? Should I restore the file from my backups? Recently Avast was updated, so this must be something new in the Avast virus database and could be a error.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
If it is indeed a false positive, add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive in the subject.
Or if it is in the avast chest send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
I did send it to Virus total which checked it with a series of virus engines. Again avast thought it was a virus. None of the others did.
I restored it and this time when I had Avast check just that file, it did not find a virus. I’m not sure if another Avast virus database was downloaded in the interim correcting the false positive or not. For the time being I am leaving the file in place.
Thanks for telling me about Virus Total. Good to know about it.
There has been another VPS update today and that may well have corrected the detection. VirusTotal doesn’t seem to update its signatures in real time so there is always a possibility that the user has a more recent version.