Author Topic: False Alarm?  (Read 10679 times)


Offline baabel

  • Jr. Member
  • **
  • Posts: 30
False Alarm?
« on: February 03, 2011, 10:19:23 AM »
Showed up this morning after overnight scan.

False Alarms?

C:\\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll

C:\\WINDOWS\$NTServicePackUninstall$\dnsrslvr.dll


Baabel

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: False Alarm?
« Reply #1 on: February 03, 2011, 10:34:43 AM »
You say these are detected as malware?
What is the malware name they are detected as?

Can you post the scan log...

bobandelaine

  • Guest
Re: False Alarm?
« Reply #2 on: February 03, 2011, 01:58:48 PM »
The same occurred on my XP system during its overnight scan.  The log showed the severity as High with the following status:

        Threat: Win32:Malware-Gen

My settings direct the repair, then move to chest if the repair could not be done ... and the object was moved to the chest.

Bob Howard

broadsword

  • Guest
Re: False Alarm?
« Reply #3 on: February 03, 2011, 02:16:23 PM »
This is also happening to me this morning. I suspect it is a false positive, but when I navigated in Windows Explorer to look at the file (was going to right click it and look at properties), avast moved it to the chest.   Where physically on the PC does avast store the log file?  If necessary I can repost and include it.   For now, the two locations it was found in, avast moved the files to the chest.  Other sources on the web indicate that this is a normal Microsoft file and that it is needed to resolve the PC's DNS name.   What action do we take?

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: False Alarm?
« Reply #4 on: February 03, 2011, 04:11:51 PM »
Hello,
send us (virus@avast.com) the file to analyze, please. Put "False positive" in the subject.

Milos

broadsword

  • Guest
Re: False Alarm?
« Reply #5 on: February 03, 2011, 04:27:57 PM »
Hello, will do.  But can you tell me where the actual physical log file is located on the PC so I can send it?  In the Avast interface, I only see log results.  I cannot seem to find where the actual log file is stored.

bobandelaine

  • Guest
Re: False Alarm?
« Reply #6 on: February 03, 2011, 04:49:24 PM »
I just emailed both files moved to the chest re: this issue.  Both files are probably the same as one another.  Bob Howard

Pftera

  • Guest
Re: False Alarm?
« Reply #7 on: February 03, 2011, 05:13:07 PM »
I too have had these moved to my virus chest on an overnight scan.

Name:- dnsrslvr.dll
Original Location :- C:\\WINDOWS\$hf_mig$\KB945553\SP2QFE
Size  :- 45568
Last Modified :- 2/20/2008
Virus Description :- Win32:malware-gen
File ID :- 8

Name:- dnsrslvr.dll
Original Location :-  C:\\WINDOWS\$NtServicePackUninstall$
Size  :- 45568
Last Modified :- 2/20/2008
Virus Description :- Win32:malware-gen
File ID :- 9

As I was writing this another threat popped up while running Malwarebytes.. (Malwarebytes didn't report this as a threat.. Only Avast did)

Name:- A0187521.dll
Original Location :- C:\System Volume Information\_restore{09CBDF19............
Last Modified :- 2/20/2008
Virus Description :- Win32:malware-gen
File ID :- 10



« Last Edit: February 03, 2011, 05:23:12 PM by Pftera »

MoeZilla

  • Guest
Re: False Alarm?
« Reply #8 on: February 03, 2011, 06:25:06 PM »
Add me to the list. Here's the two files which turned up in last night's scan of my Windows XP box.

C:\WINDOWS\Shf_migS\KB945553\SP2QFE\dnsrslvr.dll [severity: high]
C:\WINDOWS\SNtServicePackUninstallS\dnsrslvr.dll [severity: high]

broadsword

  • Guest
Re: False Alarm?
« Reply #9 on: February 04, 2011, 01:12:26 AM »
I have submitted the files moved to my chest for analysis.

C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
C:\WINDOWS\system32\dllcache\dnsrslvr.dll



broadsword

  • Guest
Re: False Alarm?
« Reply #10 on: February 04, 2011, 01:45:09 AM »
Here is the scan log:


* avast! Scan Report
* This file is generated automatically
*
* Scan name: Daily scan
* Started on: Thursday, February 03, 2011 2:55:00 AM
* VPS: 110203-0, 02/02/2011
*

C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll [L] Win32:Malware-gen (0)
C:\WINDOWS\system32\dllcache\dnsrslvr.dll [L] Win32:Malware-gen (0)
Infected files: 2
Total files: 400900
Total folders: 40818
Total size: 359.4 GB

*
* Scan stopped: Thursday, February 03, 2011 4:03:52 AM
* Run-time was 1 hour(s), 8 minute(s), 52 second(s)
*
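
An added example, not part of the thread and not Avast's own tooling: a parser for the report layout posted above that groups detections by file name and detection name, and records whether the detection is generic (`-gen`) and whether every flagged copy sits in a Windows backup or cache directory. The sample report is constructed from the lines in this thread; the directory list and the triage fields are assumptions, and a match is a reason to submit the file for analysis, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report posted above.
SAMPLE_REPORT = r"""* avast! Scan Report
* VPS: 110203-0, 02/02/2011
C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll [L] Win32:Malware-gen (0)
C:\WINDOWS\system32\dllcache\dnsrslvr.dll [L] Win32:Malware-gen (0)
Infected files: 2
Total files: 400900
"""

# Detection line: <path> [<flag>] <detection name> (<code>)
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[\w+\] (?P<name>\S+) \(\d+\)$")
COUNTER = re.compile(r"^(?P<key>Infected files|Total files|Total folders): (?P<n>\d+)$")

# Assumption: places where Windows XP keeps backup, cache or restore-point
# copies of system files, taken from the paths reported in this thread.
BACKUP_DIRS = ("\\$hf_mig$\\", "\\$ntservicepackuninstall$\\", "\\dllcache\\",
               "\\system volume information\\")

def parse_report(text):
    """Return (detections, counters) from an avast! scan report."""
    detections, counters = [], {}
    for line in (l.strip() for l in text.splitlines()):
        if (m := DETECTION.match(line)):
            detections.append(m.groupdict())
        elif (m := COUNTER.match(line)):
            counters[m["key"]] = int(m["n"])
    return detections, counters

def triage(text):
    """Group detections by (file name, detection name) for FP triage."""
    detections, counters = parse_report(text)
    groups = defaultdict(list)
    for d in detections:
        filename = d["path"].rsplit("\\", 1)[-1].lower()
        groups[(filename, d["name"].lower())].append(d["path"])
    findings = []
    for (filename, name), paths in sorted(groups.items()):
        backup_only = all(any(b in p.lower() for b in BACKUP_DIRS) for p in paths)
        findings.append({"file": filename, "detection": name, "paths": paths,
                         "generic": name.endswith("-gen"),
                         "only_backup_copies": backup_only})
    # A mismatch means the log was truncated or a line did not parse.
    complete = counters.get("Infected files") == len(detections)
    return findings, complete
```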


Offline baabel

  • Jr. Member
  • **
  • Posts: 30
Re: False Alarm?
« Reply #11 on: February 04, 2011, 01:50:04 AM »
I am not sure where the log file is but it appears that others have seen the same false positive.

If it pops up again on tonight's scan I will try to find the log file.


Baabel .

broadsword

  • Guest
Re: False Alarm?
« Reply #12 on: February 04, 2011, 02:11:10 AM »
I had to scrounge around to find the location of log files, it was not immediately evident to me where they were located.  I finally clicked the help file under reports and found this:

"For a computer running Windows 2000/XP - C:\Documents and Settings\All Users\Application Data\ALWIL Software\Avast5\report"

"For a computer running Windows Vista or Windows 7 - C:\ProgramData\ALWIL Software\Avast5\report"


broadsword

  • Guest
Re: False Alarm?
« Reply #13 on: February 04, 2011, 05:56:52 PM »
So if avast analyzes this do they post findings here? 

Do we restore files from chest then?

Some Google search results on this file - dnsrslvr.dll  - indicate this file may be a "needed" file.

Anyone know?

Offline baabel

  • Jr. Member
  • **
  • Posts: 30
Re: False Alarm?
« Reply #14 on: February 04, 2011, 10:26:10 PM »
I'd guess that you should restore them.

I never removed them - I ignored the "find".

Once Avast corrected the problem the files are no longer "found" on my nightly scans.

So I'd say restore them.


Baabel .