Last week, we had a lot of problems: many computers reported infections on the file c:\windows\system32\ws2_32.dll with the virus "Win32:Trojan-gen {Other}". The computers reporting this were Windows XP SP2 with VPS 081113-0, but Windows XP SP3 and Vista with VPS 081113-0 were running without problems, and very few computers with Windows XP SP2 and VPS 081113-1 worked fine. After many hours investigating and a lot of computers with a blue screen at logon, we decided to start in the recovery console from a boot CD and just copy the “infected” file with an SP3 version; it solved our problem. So I just want to know if some of you know about a problem with the VPS 081113-0 and the file ws2_32.dll.
Well, I just want to confirm the issue: same symptoms, same solution…
I submitted the file to an online scanner with multiple antivirus engines and just avast! reported it as suspicious.
I also submitted the file to Alwil to confirm that it is a false positive, but they haven’t answered yet.
As a customer I expect an official answer and a way to prevent this kind of issue in the future.
They are usually prompt to correct when an FP is sent and confirmed. Check (scan) the sample in the chest periodically after a VPS update; normally they only contact you if they require more information.
I don’t know which multi-engine scanner you used; the VirusTotal one is probably the best one, with 36 scanners. It also uses the Windows version of avast and other scanners.
VirusTotal - Multi engine on-line virus scanner, and report the findings here: the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first.
I did the scan with VirusTotal, but VirusTotal had the VPS 081113-1, and with that VPS avast doesn’t report an infection. The problem was with VPS 081113-0; it was online for some hours, but it caused, in my case, many problems.
Yes David, that is true, and so good, only because the affected computers were unable to log on, and so unable to update their VPS file; that was the real problem.
Roberto, that was good, you could get the report from VirusTotal and VirSCAN.