Hi,
I have been following the thread on the false positive alert on Win32:Qqpass-DZ [Trj]. I have already updated to the latest VPS 0643-6, 2006/10/26, but it is still saying C:\WINDOWS\system32\rundll32.exe is infected.
I have 3 computer all showing the same alert after the virus update.
They are all running winxp Pro SP2 traditional chinese version.
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.