Recently uninstalled Norton Antivirus and replaced with Avast on one of my PC’s. After recent update Avast identified that I was infected with Win32: Trojano-1546 (TRJ) in c:\windows\system32\openports.dll file.

Have subsequently scanned with TDS-3 and Ewido with most recent updates installed. No infection found by TDS-3 or Ewido.

Checked properties of openports.dll against properties of openports.dll in a different PC with XP Pro installed in both machine. Properties are identical in both PC’s. Scanned the openports.dll file in the second machine with Nod32(most recent updates installed). Nod32 found the openports.dll file free of infection.

Trying to absolutely confirm that this is a false positive.

At first: are you sure you have completely removed Norton, as it leaves a lot of mess behind it. About possible false positive: send it to http://virusscan.jotti.org/ It may be false positive, but I think it could be due to not full Norton removal. Look here about it. If you are sure everything’s OK with removed Norton and infection is not found by Jotti, so send file for virus@avast.com with brief description.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

Thank you for your responses.

Am quite sure that I got all of Norton out and what a task that was. Used the ususal Add/Remove, followed by Rnav2003, followed by deletion of all Norton, Liveupdare, Symantec files found while in Safe Mode and all files available for viewing when using search.

Lastly I used RegSeeker and deleted all registry entries it found for Norton, Symantec, and Liveupdate all 250+ of them.

I’ll try, as suggested, the Jotti-multi engine on line virus scanner as another cross reference check

Yes it certainly looks like you have done a thorough job in getting rid of NAV, often harder to get rid of that a virus ;D

Google search for “openports.dll” suggests it is likely associated with Microsoft Antispyware

Issue resolved.

I’m assuming that I was getting alert of W32: Trojano-1546(TRJ) infection when using the June 30-05 VBS installed. After installing to-day’s update and rescanning, there is no notification of infection.

Ran scans with with Jotti’s on line scanner and VirusTotal on line scan prior to updating Avast with to-day’s update. Both Jotti’s and TotalVirus scans came back indicating the openports.dll was not infected. Then updated Avast with to-day’s update which also came back negative.

I’m assuming that the possibility is there that a false positive was being given using the June 30 th VBS that has no been rectified.