Virus or FP

Viruses and worms
1

Hi. Few minutes ago Avast alert me for virus but i think its FP. Here is the results from VirusTotal.

2

Wow you got something up on VT? Ive had issues with that site for two days now :frowning:

3

It could well be a FP. What did you scan? The definition came up in 2006 with DrWeb, again recently and there is a ClamAV definition dating from 2007. If it is a valid detection, it could be spyware/banload as seen from the MD5 hash.
Also see: http://www.internetsecurityzone.com/Entities/RTCOMDLL
Background task: http://www.backgroundtask.eu/Systeemtaken/taakinfo/81816/RTCOMDLL.dll/

polonus

4

What scan found this ?
What was the malware name ?

Was this about 8 minutes after boot ?

The strange thing being that avast doesn’t detect it on the VT scan, so I suspect it is the anti-rootkit scan 8 minutes after boot (hence my last question).

This file name is associated with - RealTek audio codec DLL file. Though the file name doesn’t necessarily mean it is that.

5

I just scanned my PC with Malwarebytes’ Anti-Malware and after 3-4 minutes Avast alert me that RTCOMDLL.dll is infected with Win32:Malware-gen.

6

How long after boot was this ?
As scanning with MBAM shouldn’t have resulted in this alert ?

So you hadn’t specifically initiated an avast scan ?

If you right click on the avast tray icon, select ‘Show last popup message,’ what does that show (screenshot if it might be easier (attach to the post, using the Additional Options).

7

Few hours after boot. I just wanted to scan my PC with MBAM and during the scan avast alert me for Virus in file RTCOMDLL.dll. I haven’t scan with Avast. As to “Show last popup message” i can’t see the message because now it show that Avast has updated.

8

Looks like the act of MBAM opening the file to scan it has triggered a File System Shield scan, if you check the avastUI, Real-Time Shields, File System Shield, it should show the last file infected (if you haven’t rebooted).

That should give the location also, what was that ?

Did you send it to the avast chest ?
The strange thing as I mentioned is that avast didn’t detect it in the VT scan. However that is showing a previous scan from December 9th, which in virus terms is a long time so it probably said this has been scanned before.

If it does it is always best to have it scan the file again.

I have that file and I have scanned my copy RTCOMDLL.dll MD5: C650FF877B54943F99826F4100F61CA9 file size 256 KB (262,144 bytes) 19 November 2007, 09:12:58. So I don’t know if this is the same as yours (doesn’t appear so as the two VT scans yours and mine have different MD5s) ?

VT results for my RTCONDLL.DLL 0 detections, the same as my avast scan, image1. Ensure that you have the latest avast virus signatures and scan it again.

9

I don’t know how but now everything is fine. :slight_smile:

10

neither do I but be thankful ;D