Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\ausdl.dll” file.
Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\P2PFile\vqqsdl.dll” file.
Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\QQPet\ausdl.dll” file.
Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Tencent\QQ\QQZoneHelper.dll” file.
Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\QzoneSupport.exe” file.
Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\VQQPlayer.ocx” file.
Sign of “Win32:Neptunia-NM [trj]” has been found in “C:\Program Files\Tencent\QQ\vqqsdl.dll” file.
when the vps update to ‘16.3.2008 - 80316-0’ ,i got these virus! It’s error report?
Very many friends have met and my same question! because many people use QQ in china. The error possibly causes so many people to unload avast.How should we do?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
If it is indeed a false positive, add it to the exclusions lists: Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if you haven’t already sent it to the chest) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
With 9 of 32 scanners detecting something it is a little difficult to say it is a false positive detection.
Since 4 of them specifically mention QQ in the adware/spyware name it is even harder to say it is an FP. I have no knowledge of Tencent QQ, so perhaps it is ad supported or gathers information on browsing habits, etc. I don’t know.
I would also suggest you check the other files at virustotal.
It will not hurt to submit the files to avast for analysis.
This is an adware that displays ads using popups. It monitors browsing habits and relays back results to its own server such that it can generate popups based on those results. Tencent QQ is however a Chinese made IM system, which can be installed via drive-by download. Regarding stability, Tencent QQ is written in Chinese and can cause Windows to crash if the Chinese character set isnt installed. http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083549
And the files that were flagged were part of this adware, fuller description of it: http://www.threatexpert.com/report.aspx?uid=e860f2c6-920d-409b-9de2-739ce9f39dd4
If TencentQQ is not considered malware in China, you can put it into the avast exclusion list, but I would also like an explanation of the Chinese developer why antispyware & malware scanners flag this software as adware. Read about the Tencent QQ controversies and annoyances here: http://en.wikipedia.org/wiki/QQ
I have given you all the information I have here, and I think you can make a decision now, if you have a Chinese character set installed it cannot be qualified as malware, but it comes in the category of adware. If that can be blocked I would not see a reason not to have it onto your computer, as it is mighty popular in China,
That was my suspicion, ad supported/adware, which if people installed it themselves and are generally happy to accept the ads, they can add the files to the avast exclusions.
However, previously there was only one QQ file flagged as malware now it seems there are many based on avast1.cn’s list. So it appears to be growing.