Author Topic: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P  (Read 3003 times)

iroc9555

  • Guest
ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« on: March 18, 2014, 12:27:54 AM »
Avast! quick scan VPS 140317-0 and 140317-1 detected:

C:\WINDOWS\system32\ncs2dmix.dll
C:\i386\ncs2dmix.dll

as Win32:Dropper-gen[Drp] in my system. The only analyzers in Virus Total to detect this file are avast! and GData:
https://www.virustotal.com/en/file/0dfd548157dbf7cdeb6ffbac851bb1ac3ecc5df3f57dd2437c20dceeb654fcfe/analysis/1395095829/

This file belongs to Intel Proset for Windows Device Manager so I am pretty sure it is a F/P. File was sent to avast! lab for verification.

iroc9555

  • Guest
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #1 on: March 18, 2014, 09:17:56 PM »
Nada yet. VPS 140318-0 and 140318-01 still detect the file. Worse, it is detecting it in system restore now with File System Shield >:(

Hey avast! you are usually fast at fixing these F/P, or is it because it is an old XP file and no one else is reporting it?

BTW no answer in e-mail confirming it is not a F/P.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #2 on: March 18, 2014, 09:39:32 PM »
When I send a file to be added to the detection,
I sometimes get some response,
but this is difficult.

We don't reply to emails if we don't need some additional info.

Milos

I will try to solve your problem

Reporting to virus analyst

iroc9555

  • Guest
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #3 on: March 18, 2014, 10:16:13 PM »
Hola Jefferson.

Yes, I could have sent it to Milos, but I thought it might be better to post it here for others to see. Usually avast! lab is fast at fixing F/P.

Thanks

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #4 on: March 18, 2014, 10:21:32 PM »
I do not know what's going on,
because a week ago I sent a file and so far nothing.
Maybe the virus lab did not receive it.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #5 on: March 19, 2014, 08:25:54 PM »
Hola Jefferson.

Yes, I could have sent it to Milos, but I thought it might be better to post it here for others to see. Usually avast! lab is fast at fixing F/P.

Thanks

Already fixed in VPS 140319-1 update.

flowergardener

  • Guest
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #6 on: March 20, 2014, 02:43:53 PM »
When you say this is fixed, does that mean this file is ok to use? I just ran Avast boot scan last night, 3/20/2014, and it was moved to the chest. Should I restore it, assuming I know how to restore?

Nick Geti

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6669
  • volunteer
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #7 on: March 20, 2014, 02:56:53 PM »
When you say this is fixed, does that mean this file is ok to use? I just ran Avast boot scan last night, 3/20/2014, and it was moved to the chest. Should I restore it, assuming I know how to restore?
Nick Geti

Hello

Exactly, open the virus chest,
click on restore options and add exclusions.
it is still being detected
Send the file to virus@avast.com, put "False positive" in the email subject, compressed in ZIP or RAR.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #8 on: March 20, 2014, 04:53:51 PM »
When you say this is fixed, does that mean this file is ok to use? I just ran Avast boot scan last night, 3/20/2014, and it was moved to the chest. Should I restore it, assuming I know how to restore?

Nick Geti
Why did you run a Boot Time scan? It's not needed unless Avast! found something in the FullScan.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

iroc9555

  • Guest
Re: ncs2dmix.dll Win32:Dropper-gen [Drp] F/P
« Reply #9 on: March 21, 2014, 04:52:32 PM »
Already fixed in VPS 140319-1 update.

Not quite. It was fixed with 140320-0 or 20-1. Sorry for my late answer. I've been busy, and thanks to avast! for resolving this F/P.

When you say this is fixed, does that mean this file is ok to use? I just ran Avast boot scan last night, 3/20/2014, and it was moved to the chest. Should I restore it, assuming I know how to restore?

Nick Geti


Hi Nick.

It was fixed with VPS 140320-0. That means that avast! is not detecting that file as a Dropper; however, there are several versions of the file. Some are signed, others not. Some are more up to date than others; mine was old and unknown. Maybe the one you have is another version and avast! is still detecting it.

Do as Santiago said and send it to avast! lab. After you have it restored, send it to Virus Total for analysis. Let's see what it finds. Report results.
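
A way to check which version of the file a machine actually holds before restoring it, as an added example that is not part of the original thread: it hashes each copy, compares it with the SHA-256 from the VirusTotal link in the first post, and reports the Authenticode status and version resource. The function name `Get-DllTriage` is hypothetical, and PowerShell 4.0 or later is assumed for `Get-FileHash`.

```powershell
# SHA-256 of the sample reported in the first post (taken from its VirusTotal URL).
$ReportedSha256 = '0dfd548157dbf7cdeb6ffbac851bb1ac3ecc5df3f57dd2437c20dceeb654fcfe'

# Locations named in the thread. Add the path of a copy restored from the
# chest if it was restored somewhere else.
$Candidates = @(
    'C:\WINDOWS\system32\ncs2dmix.dll',
    'C:\i386\ncs2dmix.dll'
)

# Hypothetical helper: one result object per candidate path.
function Get-DllTriage {
    param(
        [string[]]$Path,
        [string]$KnownSha256
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # File absent (for example still quarantined in the chest).
            [pscustomobject]@{ Path = $p; Present = $false }
            continue
        }
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLowerInvariant()
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $ver  = (Get-Item -LiteralPath $p).VersionInfo
        [pscustomobject]@{
            Path            = $p
            Present         = $true
            Sha256          = $hash
            # True only for the exact build that was submitted in this thread.
            SameAsReported  = ($hash -eq $KnownSha256.ToLowerInvariant())
            # Valid, NotSigned, HashMismatch, ... as reported by Windows.
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            FileVersion     = $ver.FileVersion
            CompanyName     = $ver.CompanyName
        }
    }
}

Get-DllTriage -Path $Candidates -KnownSha256 $ReportedSha256 | Format-List
```

A copy with `SameAsReported = False` is a different build from the one submitted here, so it needs its own false-positive submission and VirusTotal analysis; the version resource fields are self-declared by the file and only the signature status is cryptographically checked.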