I use NOKIA’s PC Suite to sync my communicator with Outlook. Doing this tonight, I had a virus-detection alert. The listed file is the PRC32eng file that controls the port communication. I tried repair, but it couldn’t repair. So I eventually relented and selected delete. Then of course the PC Suite port communications ceased to work. I pulled a copy of the file from one of my older image backups in Sep (long before I last used the program and when there were no such alerts) and pasted it in. Scanned with avast and it was clean.
I then had to reboot, because apparently avast was still blocking the communication between PC and phone. However, now the PRC32eng application file says it was updated today and the virus alert is back. Not sure where to go from here. I run scheduled virus scans every Sunday, but nothing shows up in last week’s log.
Should I just roll the entire system back to a previous image restore, or is the virus hiding somewhere and reloading itself into this file every time, or…is this a false positive from the latest avast update?
Upload the file to VirusTotal and post results.
Thank you. Below are the results.
Also, I ran a full scan last night, but the only occurrence it found was on the C drive (I have Win 2000 on the C drive and XP on a partitioned D drive, with the program loaded on both OS’s); however, in individually scanning those files each one showed a positive result for this virus. What I don’t understand is that it found no other virus files anywhere else. If that’s the case, then how is this file getting updated every time I reload an older version of it?
Results:
Antivirus Version Last Update Result
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 Win32:PureMorph
AVG 8.0.0.161 2008.10.31 -
BitDefender 7.2 2008.11.01 -
CAT-QuickHeal 9.50 2008.10.31 -
ClamAV 0.94.1 2008.11.01 -
DrWeb 4.44.0.09170 2008.11.01 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6184 2008.10.31 -
Ewido 4.0 2008.10.31 -
F-Prot 4.4.4.56 2008.10.31 -
F-Secure 8.0.14332.0 2008.11.01 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 Win32:PureMorph
Ikarus T3.1.1.44.0 2008.11.01 -
K7AntiVirus 7.10.513 2008.10.31 -
Kaspersky 7.0.0.125 2008.11.01 -
McAfee 5419 2008.10.31 -
Microsoft 1.4005 2008.11.01 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.10.31 -
PCTools 4.4.2.0 2008.10.31 -
Prevx1 V2 2008.11.01 -
Rising 21.01.42.00 2008.10.31 -
SecureWeb-Gateway 6.7.6 2008.11.01 -
Sophos 4.35.0 2008.11.01 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.01 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Send the file in a password-protected zip folder to virus@avast.com with false positive in subject and the password mentioned in email body.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there), select the file, right click, email to Alwil Software. No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
So that you can use the program in the meantime - Add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (right click the avast ‘a’ icon)
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
fixed internally, afaik…
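Relating to the restore-and-exclude advice above and the question of why the restored file shows a new modification date, here is an added example that is not part of any post in this thread: it compares the restored file with the backup copy by SHA-256 and separates a timestamp-only change from a content change. The file names and verdict labels are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash the file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_backup(current_path, backup_path):
    """Classify how the file on disk differs from the backup copy."""
    cur, bak = os.stat(current_path), os.stat(backup_path)
    cur_hash, bak_hash = sha256_file(current_path), sha256_file(backup_path)
    mtime_differs = int(cur.st_mtime) != int(bak.st_mtime)
    if cur_hash != bak_hash:
        verdict = "content-changed"   # something rewrote the file: do not exclude it
    elif mtime_differs:
        verdict = "timestamp-only"    # same bytes, only the date moved
    else:
        verdict = "unchanged"
    return {"verdict": verdict, "current_sha256": cur_hash,
            "backup_sha256": bak_hash, "size_delta": cur.st_size - bak.st_size}


def demo():
    """Run the three cases on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = os.path.join(tmp, "backup_copy.bin")    # hypothetical names
        current = os.path.join(tmp, "restored_copy.bin")
        payload = b"MZ" + b"\x00" * 4096                 # constructed bytes
        for path in (backup, current):
            with open(path, "wb") as fh:
                fh.write(payload)
            os.utime(path, (1_000_000_000, 1_000_000_000))
        verdicts = [compare_to_backup(current, backup)["verdict"]]
        os.utime(current, (1_225_000_000, 1_225_000_000))  # date moved, bytes same
        verdicts.append(compare_to_backup(current, backup)["verdict"])
        with open(current, "ab") as fh:                    # bytes actually modified
            fh.write(b"appended")
        verdicts.append(compare_to_backup(current, backup)["verdict"])
        return verdicts


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that nothing rewrote the file after the restore; whether the detection itself is a false positive is still decided by the vendor's analysis of the submitted sample.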