Author Topic: Win32: Trojano-1546(TRJ) False Positive ???  (Read 3653 times)

0 Members and 1 Guest are viewing this topic.

polak

  • Guest
Win32: Trojano-1546(TRJ) False Positive ???
« on: July 01, 2005, 05:01:25 PM »
Recently uninstalled Norton Antivirus and replaced with Avast on one of my PC's. After recent update Avast identified that I was infected with Win32: Trojano-1546 (TRJ) in c:\windows\system32\openports.dll file.

Have subsequently scanned with TDS-3 and Ewido with most recent updates installed. No infection found by TDS-3 or Ewido.

Checked properties of openports.dll against properties of openports.dll in a different PC with XP Pro installed in both machine. Properties are identical in both PC's. Scanned the openports.dll file in the second machine with Nod32(most recent updates installed). Nod32 found the openports.dll file free of infection.

Trying to absolutely confirm that this is a false positive.

« Last Edit: July 01, 2005, 05:28:22 PM by polak »

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #1 on: July 01, 2005, 05:56:02 PM »
At first: are you sure you have completely removed Norton, as it leaves a lot of mess behind it. About possible false positive: send it to http://virusscan.jotti.org/ It may be false positive, but I think it could be due to not full Norton removal. Look here about it. If you are sure everything's OK with removed Norton and infection is not found by Jotti, so send file for virus@avast.com with brief description.
« Last Edit: July 01, 2005, 05:59:10 PM by -YLAP- »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #2 on: July 01, 2005, 05:59:44 PM »
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polak

  • Guest
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #3 on: July 01, 2005, 06:11:49 PM »
Thank you for your responses.

Am quite sure that I got all of Norton out and what a task that was. Used the ususal Add/Remove, followed by Rnav2003, followed by deletion of all Norton, Liveupdare, Symantec files found while in Safe Mode and all files available for viewing when using search.

Lastly I used RegSeeker and deleted all registry entries it found for Norton, Symantec, and Liveupdate all 250+ of them.

I'll try, as suggested, the Jotti-multi engine on line virus scanner as another cross reference check




Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #4 on: July 01, 2005, 06:14:12 PM »
Yes it certainly looks like you have done a thorough job in getting rid of NAV, often harder to get rid of that a virus ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polak

  • Guest
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #5 on: July 01, 2005, 06:24:36 PM »
Google search for "openports.dll" suggests it is likely associated with Microsoft Antispyware

polak

  • Guest
Re: Win32: Trojano-1546(TRJ) False Positive ???
« Reply #6 on: July 01, 2005, 08:51:58 PM »
Issue resolved.

I'm assuming that I was getting alert of W32: Trojano-1546(TRJ) infection when using the June 30-05 VBS installed. After installing to-day's update and rescanning, there is no notification of infection.

Ran scans with with Jotti's on line scanner and VirusTotal on line scan prior to updating Avast with to-day's update. Both Jotti's and TotalVirus scans came back indicating the openports.dll was not infected. Then updated Avast with to-day's update which also came back negative.

I'm assuming that the possibility is there that a false positive was being given using the June 30 th VBS that has no been rectified.