win32:trojano-898[trj] Nero related

Viruses and worms
1

I have suddenly had this virus alert appear whenever I start nero…pointing the finger at msa.dll.

I have been trying to find out any info on this trojan, bt cannot seem to find anything anywhere…Is this a new virus…included in a recent update?

Anyone have similar trouble, or any info on it?

2

Submit the file to Jotti and let us know the results, i.e., if it is or not a false positive.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus (at) avast.com.
Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see About avast: right click avast icon) will also help.

3

jotti results

Service load: 0% 100%

File: msa.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
Packers detected: None

AntiVir No viruses found (0.45 seconds taken)
Avast Win32:Trojano-898 (3.17 seconds taken)
BitDefender No viruses found (1.92 seconds taken)
ClamAV No viruses found (0.38 seconds taken)
Dr.Web No viruses found (0.50 seconds taken)
F-Prot Antivirus No viruses found (0.47 seconds taken)
Kaspersky Anti-Virus No viruses found (0.65 seconds taken)
mks_vir No viruses found (0.24 seconds taken)
NOD32 No viruses found (0.60 seconds taken)
Norman Virus Control No viruses found (0.23 seconds taken)

It seems Avast is the only software that pulls it up…still none the wiser if it is infected or not…I’ll attach the file…password virus
…(change extention to zip)

4

Hi,
I have the same problem with msa.dll . I also uploaded it to jotti and got the same results. I think its avast that has the problem and not the dll.
I can’t use nero wave editor, however. What will i do now? I am afraid to shut down the on-access scanner.

5

Don’t simply change the extension to zip, this may not fool some email servers and may bounce exe files. Being zipped and password protected is best way to send.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

6

Don’t shut down the scanner, add the suspect file to the exclusions list.

7

i’m right on it…thanks guys.

8

If you update your virus database to v0502-2 the problem is fixed.

Thanx for this fast support.

Patrick

9

If you did add this file to the exclusions list, you can remove it and check again and see if it is not picked up.

10

great work…thanks all

11

thanks from me too :slight_smile: