Author Topic: npmirage.dll a false positive?  (Read 3775 times)

0 Members and 1 Guest are viewing this topic.

Offline AGirlWithQuestions

  • Newbie
  • *
  • Posts: 1
npmirage.dll a false positive?
« on: November 20, 2009, 11:36:29 PM »
Hello!  Last night I was doing a scan and npmirage.dll came up as a trojan horse.  Specifically: 

Win32:Agent-AIDQ [trj]

This never was detected by Avast before.  The file was listed as last being modified on January 02, 2006.  Google results haven't said it's anything bad.  I also came across a Hi-Jack This log I posted on an anti-spyware forum a few years ago and the file was listed in the log, but the helper didn't say it was a problem.

I also did scans in A-squared, Malwarebytes, and Spybot Search And Destroy yesterday and today.  It has not been detected by any of those programs.  I did try uploading the file to the online virus scans like it was suggested in the false positives sticky topic but I only got a message saying something about "0 bytes".  I also tried mailing in the file to the Avast team as suggested, but I'm unable to zip the file.  Perhaps because it's in the Windows System 32 folder?

Any help/clarification on this matter would be GREATLY appreciated!  :)

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85746
  • No support PMs thanks
Re: npmirage.dll a false positive?
« Reply #1 on: November 21, 2009, 01:12:11 AM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.


The zero bytes usually indicates avast is either alerting or blocking activity on the file:
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If on;y avast and GData detect this:
Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and possible false positive in the subject. Given the difficulty you had emailing, try this.
 
You can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
« Last Edit: November 21, 2009, 01:14:09 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.693) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2244
Re: npmirage.dll a false positive?
« Reply #2 on: November 23, 2009, 09:24:05 PM »
Hi,
thank you for sending sample. False positive will be fixed.

Milos

Offline DeLuk

  • Newbie
  • *
  • Posts: 8
Re: npmirage.dll a false positive?
« Reply #3 on: November 24, 2009, 08:03:56 PM »
Glad I could be of help, having sent the file, and thank you, Milos, for promptly taking care of this false-positive issue. I have just re-scanned the file npmirage.dll with the latest defs (VPS 091124-0) and it is no longer detected. Thank you again.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85746
  • No support PMs thanks
Re: npmirage.dll a false positive?
« Reply #4 on: November 24, 2009, 08:37:20 PM »
Thanks for the feedback.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.693) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security