Author Topic: aston.mt and user32.dll... false positive?  (Read 9117 times)


Vicz

  • Guest
aston.mt and user32.dll... false positive?
« on: December 23, 2008, 09:36:29 AM »
hi all
today avast alerted me that C:\WINDOWS\system32\user32.dll is infected by Win32:SysPatch and C:\WINDOWS\system32\aston.mt is infected by Win32:Trojan-gen {Other}. is that possible? or is it a false positive?

tnx

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #1 on: December 23, 2008, 09:42:38 AM »
yes, it's quite possible (you can send the user32.dll to www.virustotal.com and post the results here)... don't remove anything.. replace the current user32.dll with a clean one from the rescue disc...

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #2 on: December 23, 2008, 09:51:05 AM »
when i try to upload the user32.dll, virustotal says: "0 bytes size received / Se ha recibido un archivo vacio"
what does it mean?

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #3 on: December 23, 2008, 09:53:26 AM »
how about www.virscan.org? the same error?

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #4 on: December 23, 2008, 09:55:14 AM »
tnx for your help max :D

virscan says "ERROR: Can't find upload file!"
no comment man...

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #5 on: December 23, 2008, 09:59:08 AM »
that's pretty strange... are you able to copy the user32.dll file from the \system32\ folder to desktop e.g.?

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #6 on: December 23, 2008, 10:01:47 AM »
i can't rar, copy, send, or do similar operations... user32 is completely locked...
format c:?...

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #7 on: December 23, 2008, 10:10:49 AM »
format c:? i think it's not necessary.. let's try to fix it first... can you try to rollback your system to some clean restore point?

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #8 on: December 23, 2008, 10:39:23 AM »
ok in ADMIN mode i can upload user32.dll
log from VIRUSTOTAL
14/38 (36.85%)
AhnLab-V3          2008.12.22.0     2008.12.23  Win-Trojan/User32Hk
AntiVir            7.9.0.45         2008.12.23  -
Authentium         5.1.0.4          2008.12.23  -
Avast              4.8.1281.0       2008.12.23  Win32:SysPatch
AVG                8.0.0.199        2008.12.22  -
BitDefender        7.2              2008.12.23  -
CAT-QuickHeal      10.00            2008.12.23  -
ClamAV             0.94.1           2008.12.23  -
Comodo             800              2008.12.22  -
DrWeb              4.44.0.09170     2008.12.23  BackDoor.Zapinit
eSafe              7.0.17.0         2008.12.21  -
eTrust-Vet         31.6.6274        2008.12.22  Win32/Pruserinf
Ewido              4.0              2008.12.22  -
F-Prot             4.4.4.56         2008.12.22  -
F-Secure           8.0.14332.0      2008.12.23  Trojan.Win32.Patched.bb
Fortinet           3.117.0.0        2008.12.23  -
GData              19               2008.12.23  Win32:SysPatch
Ikarus             T3.1.1.45.0      2008.12.23  -
K7AntiVirus        7.10.562         2008.12.22  -
Kaspersky          7.0.0.125        2008.12.23  Trojan.Win32.Patched.bb
McAfee             5472             2008.12.22  -
McAfee+Artemis     5472             2008.12.22  potentially unwanted program Patched User32
Microsoft          1.4205           2008.12.23  Virus:Win32/Mariofev.A
NOD32              3712             2008.12.22  Win32/Pinit
Norman             5.80.02          2008.12.22  -
Panda              9.0.0.4          2008.12.23  W32/Patched.D
PCTools            4.4.2.0          2008.12.22  -
Prevx1             V2               2008.12.23  -
Rising             21.09.12.00      2008.12.23  Trojan.Win32.Patched.bi
SecureWeb-Gateway  6.7.6            2008.12.23  -
Sophos             4.37.0           2008.12.23  Troj/User32Hk-A
Sunbelt            3.2.1809.2       2008.12.22  -
Symantec           10               2008.12.23  -
TheHacker          6.3.1.4.195      2008.12.20  -
TrendMicro         8.700.0.1004     2008.12.23  Possible_Patch-1
VBA32              3.12.8.10        2008.12.22  -
ViRobot            2008.12.23.1532  2008.12.23  -
VirusBuster        4.5.11.0         2008.12.22  -

i didn't find C:\WINDOWS\system32\aston.mt to do a scan
« Last Edit: December 23, 2008, 10:42:03 AM by Vicz »

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #9 on: December 23, 2008, 10:44:04 AM »
ook.. how about the system restore?

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #10 on: December 23, 2008, 10:44:56 AM »
i disabled it 2-3 weeks ago

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #11 on: December 23, 2008, 11:00:18 AM »
ook.. try the repair option from your OS cd...

Vicz

  • Guest
Re: aston.mt and user32.dll... false positive?
« Reply #12 on: December 23, 2008, 11:05:57 AM »
but user32.dll is corrupt?

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: aston.mt and user32.dll... false positive?
« Reply #13 on: December 23, 2008, 11:09:45 AM »
yes.. it's patched and loads some nasty to all user-mode processes...