Author Topic: Win32:Qqpass-DY [Trj] for rundll32.exe  (Read 4515 times)

0 Members and 1 Guest are viewing this topic.

Offline rrryan

  • Newbie
  • *
  • Posts: 3
Win32:Qqpass-DY [Trj] for rundll32.exe
« on: October 27, 2006, 12:12:00 AM »
Hi,
I have been following the thread on the false positive alert on Win32:Qqpass-DZ [Trj].  I have already updated to the latest VPS 0643-6, 2006/10/26, but it is still saying C:\WINDOWS\system32\rundll32.exe is infected. 

I have 3 computer all showing the same alert after the virus update. 

They are all running winxp Pro SP2 traditional chinese version.

Any help is appreciated.

Thank you

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #1 on: October 27, 2006, 01:19:41 AM »
I have been following the thread on the false positive alert on Win32:Qqpass-DZ [Trj].  I have already updated to the latest VPS 0643-6, 2006/10/26, but it is still saying C:\WINDOWS\system32\rundll32.exe is infected. 
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com

Please, mention in the body of the message why you think it is a false positive and the password used.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82194
  • No support PMs thanks
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #2 on: October 27, 2006, 01:22:29 AM »
XP Pro, English version and no problem with the rundll32.exe.

There has been a similar problem with notpad.exe and this trojan name that would appear to only happen in the non English windows versions. See this topic http://forum.avast.com/index.php?topic=24494.0 and http://forum.avast.com/index.php?topic=24497.0.

I think this is a similar problem, You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.


WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline rrryan

  • Newbie
  • *
  • Posts: 3
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #3 on: October 27, 2006, 02:07:42 AM »
Thanks for the tip for reporting problems.  I have tested the file on the 2 suggested site and both return no virus found except for Avast. 

Email with the attached zip file had been sent.  It is likely this is only for non english winxp.

Thank you again.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #4 on: October 27, 2006, 02:41:51 AM »
Thanks for the tip for reporting problems.  I have tested the file on the 2 suggested site and both return no virus found except for Avast. 
Most probably a false positive... hope they correct this soon  :-[
The best things in life are free.

Offline Ryo

  • Newbie
  • *
  • Posts: 2
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #5 on: October 27, 2006, 05:38:17 AM »
Problem still there after updated  VPS 0643-6,

I am using Windows XP Pro Chinese Traditional,

temp. solution to me is putting the rundll32.exe into exclusion list..,

hope can fix it in the later update, Thanks!

Offline K3172

  • Newbie
  • *
  • Posts: 2
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #6 on: October 27, 2006, 12:10:14 PM »
0643-7 can help you.. :)

Offline Ryo

  • Newbie
  • *
  • Posts: 2
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #7 on: October 27, 2006, 02:39:28 PM »
0643-7 works fine, thanks you the engineer

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82194
  • No support PMs thanks
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #8 on: October 27, 2006, 04:23:39 PM »
Glad that the latest VPS update resolves the FP, welcome to the forums, rrryan, Ryo and K3172.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline rrryan

  • Newbie
  • *
  • Posts: 3
Re: Win32:Qqpass-DY [Trj] for rundll32.exe
« Reply #9 on: October 27, 2006, 05:02:03 PM »
Thanks for the quick fix.  I am impress with the response time of the engineers.

 :)