I received a virus alert after an update; the virus was named as athcfg11Res.dll (Win32:Trojan-gen). It was found in my system 32 folder and also the local temp folder with various {c01 etc} addresses. I removed them all to the virus vault, but now my TP-Link wn620g wireless utility will not run. I uninstalled it, but now avast will not let me reinstall it; when I run the CD, avast kicks in with a virus warning.
File name C:\DOCUME~1\scott\LOCALS~1\Temp{33A685B7-68CD-4E00-9B43-D640099C394F}{28006915-2739-4EBE-B5E8-49B25D32EB33}\athcfg11res.dll
In the last few months I have noted that Avast is finding a lot of FPs as viruses. What I suggest is to NEVER cancel a file when avast says it is infected; just put it in the chest. This must be the first option: when it is in the chest you never have a problem, and you have the time to investigate whether it is really a virus or just an FP.
Last week while scanning my PC, avast found 4-5 files infected. I put them in the chest and waited for the new update. After 2-3 days and two updates I restored all the files from the chest and ran a new scan; nothing was found, so they were FPs.
Hope I’ve done this correctly and this is the information you need. I ran the CD again then navigated to the folder from the web page, the alert directed me.
I’ve also noticed that ashServ.exe is using over 50% of my CPU all the time.
The ashServ.exe is the main scanning engine, so if it is scanning (the avast icon would be rotating) the CPU activity would be up. What sensitivity do you have the Standard Shield set to (Normal is the default)? High would be scanning many more files, so I would expect to see more activity/CPU use.
I’ve reposted the link to virustotal site but as stated in the post you linked me to it does look like a false positive. I will report this to avast also.
Here is the evaluation of this file:
MODULE ID: 184653 | Parents: 0 | Children: 0 | THREAT LEVEL: In Review
COMPANY NAME: Atheros Communications, Inc.
FILE ATTRIBUTES: Archive, Compressed
FILE DESCRIPTION: ACAPI RES DLL
FILE FOLDER: %SYSTEM%
FILE NAME: athcfg11res.dll
FILE SIZE: 77,824 KB
FILE VERSION: 4.1.0.148
INTERNAL NAME: ACAPIRES
MD5 SIGNATURE: 1e5a947e34e31fa8a63e0dffceb83e37
ORIGINAL FILE NAME: athcfg11res.dll
PRODUCT NAME: Atheros Configuration API Res Dynamic Link Library
PRODUCT VERSION: 4.1.0.148
SPECIAL FOLDER: SYSTEM
and the results from VirScan: http://virscan.org/report/32bbe510ef218eac841b7a2e138cced2.html
Big thanks to all for the help polonus, DavidR & Jtaylor83.
I’ve emailed a copy of the file to avast, but as I suspected, I think it is a false positive. We will have to wait to see what comes back. I’ve also emailed a link to this thread.
Thanks for the feedback and taking the time to improve detections.
If you have a copy in the chest, periodically scan it from within the chest (after VPS updates) and when no longer detected remove the exclusions and restore the file from the chest.