Author Topic: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?  (Read 5870 times)

REDACTED

  • Guest
Hi

On 6/9/14 Avast reported that it had blocked CLI.Component.Dashboard.Shared.ni.dll as Win64:Evo-gen [Susp] and put it into quarantine. However, it looks like the last time it was changed was in February; it seems odd that Avast would ignore it all that time. Here is a screenshot of the info Avast gave me. Can anyone tell me if this is a legit threat, and if so what it may have done?


Thanks
MM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #1 on: June 16, 2014, 09:03:32 AM »
Win64:Evo-gen [Susp] = suspicious

You can upload the file to the Avast lab for analysis.

You can upload files and report issues to Avast here: http://www.avast.com/contact-form.php (select the subject according to your case).

You can use mail:
Send to virus@avast.com in a password-protected zip file.
Mail subject: False Positive / undetected sample (select subject according to your case)
Zip password: infected

Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21



REDACTED

  • Guest
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #2 on: June 16, 2014, 04:44:07 PM »
I submitted it via the chest and now I'm trying to restore it so I can submit it to VirusTotal. Doesn't seem to be working though.

C:\windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\2409c67bc6a41975f817b069e7e665de
« Last Edit: June 16, 2014, 04:54:23 PM by macmomma08 »

REDACTED

  • Guest
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #3 on: June 16, 2014, 04:52:00 PM »
Okay, now I am really confused. Attempted to restore the file twice, but it doesn't show up in the folder where it previously was. When I used the location Avast gave me on VirusTotal, it told me there was nothing there too. Then I tried to rescan it and now Avast is saying "no virus". I cannot find the file at all, even tried restarting. Not sure what has happened?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #4 on: June 16, 2014, 04:57:46 PM »
If you rescan the file in the Avast chest, I guess you will not see a Win64:Evo-gen detection, as (to my knowledge) it is an on-access detection only.
When you restore a file from the chest, a copy will remain in the chest just in case ... you may delete this when you will.

Why you don't find it ... I do not know.




REDACTED

  • Guest
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #5 on: June 16, 2014, 10:29:09 PM »
Well can anyone tell me what I should do now? I mean I don't know if this was prevented from being restored by Avast or what. I did a boot scan and nothing was found.

Every time I try to go to C:\windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\2409c67bc6a41975f817b069e7e665de it says Windows can't find it.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34062
  • malware fighter
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #6 on: June 16, 2014, 10:56:07 PM »
Also consider this info: http://www.shouldiblockit.com/cli.component.dashboard.shared.ni.dll-50560.aspx
Various variants were given an all green here: http://www.herdprotect.com/cli.component.dashboard.shared.ni.dll-5742a80426e489d0a0a98c06dc1be263466031f5.aspx

Check at avast! whether this could be a FP at virus@avast.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #7 on: June 17, 2014, 02:21:09 AM »
Also consider this info: http://www.shouldiblockit.com/cli.component.dashboard.shared.ni.dll-50560.aspx
Various variants were given an all green here: http://www.herdprotect.com/cli.component.dashboard.shared.ni.dll-5742a80426e489d0a0a98c06dc1be263466031f5.aspx

Check at avast! whether this could be a FP at virus@avast.com

polonus

How can I submit it though when I don't know where avast has put it? It's not in the location Avast said it would be. I'm assuming Avast is supposed to put it back where it was.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #8 on: June 17, 2014, 02:59:32 AM »
Hi, it may be possible the files are hidden from your view.

Open File Explorer > Organize > Folder & Search Options > View > Tick Show Hidden Files/Folders/Drives & Hide Protected Operating System Files > Apply > OK.

Now check that location.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline no face

  • Newbie
  • *
  • Posts: 16
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #9 on: June 18, 2014, 04:12:01 AM »
I had the exact same thing happen to me for that DLL on June 9th. It was blocked immediately when Windows started, and from what I can make out it's part of the AMD Catalyst Control Centre; I presume you have it installed since you're using an ATI card? As the forum was unfortunately down, I did as much checking on it as I could and I really think it's a false positive. I then restored it and put it in the exclusion list. I assume it came from the latest Catalyst software version, 14.4, and that new virus definitions, I guess, tagged it as suspicious. There is a precedent for that: I remember Avast quarantining Steam not so long ago.

EDIT: I see from the links polonus posted that it is indeed part of the AMD suite, so that answers that. Really hope it's a false positive though. Also, for some odd reason the same DLL appears twice in the virus chest.

I just noticed the DLL listed in those two links is version 4.5.4990.33584 but the version I have is 4.5.5220.38440, and I can't seem to find a newer scan of that file on those 2 sites; again, I'm presuming that's because it comes from Catalyst 14.4, which was released in April. So I really would like to check that the MD5 hash matches if there's a newer scan, but there doesn't appear to be one that I can find.
« Last Edit: June 18, 2014, 05:12:02 AM by no face »
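
Added example, not part of any poster's message and not Avast's own tooling: a PowerShell sketch that gathers the facts this thread keeps coming back to (whether the file is really on disk, including hidden copies, plus its file version and MD5/SHA-256) so they can be compared with a published scan or attached to a false-positive report. The function name `Get-FileTriage` is hypothetical, and `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: locate every copy of the flagged native image and record
# what is needed to compare it with a published scan or to report an FP.
$name = 'CLI.Component.Dashboard.Shared.ni.dll'   # file name from this thread
$root = Join-Path $env:windir 'assembly'          # parent of the NativeImages_* folders

function Get-FileTriage {                         # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Name
    )

    # -Force includes hidden and system items; folders that cannot be
    # read are skipped instead of aborting the search.
    $files = Get-ChildItem -LiteralPath $Root -Filter $Name -File -Recurse `
                 -Force -ErrorAction SilentlyContinue

    foreach ($f in $files) {
        [pscustomobject]@{
            Path        = $f.FullName
            LastWrite   = $f.LastWriteTime
            Size        = $f.Length
            FileVersion = $f.VersionInfo.FileVersion
            MD5         = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash
            SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

$found = @(Get-FileTriage -Root $root -Name $name)
if ($found.Count -eq 0) {
    # Same symptom as "Windows can't find it": nothing with that name on disk.
    Write-Output "No copy of $name found under $root."
} else {
    $found | Format-List
}
```

Native images under `NativeImages_*` are compiled on the local machine by NGEN, so compare the `FileVersion` first; a hash taken from another machine's scan need not match.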

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #10 on: June 19, 2014, 03:59:42 PM »
Hi all,
I found several (~20) files with the name of "CLI.Component.Dashboard.Shared.ni.dll" in our system, and I disabled all detections that were detecting these files. I hope the problem is resolved in the next update :-)
Best
Honza

REDACTED

  • Guest
Re: CLI.Component.Dashboard.Shared.ni.dll False Positive or real threat?
« Reply #11 on: June 20, 2014, 04:54:00 AM »
I had the exact same thing happen to me for that DLL on June 9th. It was blocked immediately when Windows started, and from what I can make out it's part of the AMD Catalyst Control Centre; I presume you have it installed since you're using an ATI card? As the forum was unfortunately down, I did as much checking on it as I could and I really think it's a false positive. I then restored it and put it in the exclusion list. I assume it came from the latest Catalyst software version, 14.4, and that new virus definitions, I guess, tagged it as suspicious. There is a precedent for that: I remember Avast quarantining Steam not so long ago.

EDIT: I see from the links polonus posted that it is indeed part of the AMD suite, so that answers that. Really hope it's a false positive though. Also, for some odd reason the same DLL appears twice in the virus chest.

I just noticed the DLL listed in those two links is version 4.5.4990.33584 but the version I have is 4.5.5220.38440, and I can't seem to find a newer scan of that file on those 2 sites; again, I'm presuming that's because it comes from Catalyst 14.4, which was released in April. So I really would like to check that the MD5 hash matches if there's a newer scan, but there doesn't appear to be one that I can find.

I do have AMD Catalyst, maybe that is the problem.