VB-MZ False positive?

Viruses and worms
1

I’m running version 4.7-827 database 0619-1 and it is reporting:

Win32:VB-MZ [Trj]

File: RESEDIT.DLL
Version: 6.0.0.8169
Description: Visual Basic 6 Resource Editor

I’ve downloaded a new copy of the DLL which also reports the trojan and scanned the file with another AVS which reports it as clear. I’m assuming a false positive.

Am i Correct??

2

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

3

Thanks. Tried jotti and Avbast is the only positive. I’ll do as you ask and email a copy.

4

No problem, welcome to the forums.

5

Popped up for me too. Sent it on from the chest to Avast. Checked it against the two sites and they found nothing. For me it was in the system32 file Resedit.dll

6

If you still have it in the chest you can restore it to the original location and add it to the exclusion lists as mentioned above.

Hopefully it will be corrected soon in a VPS update, scan it periodically after VPS updates. Once it is no longer detected you can remove it from the exclusions.

Welcome to the forums psadi.