Windows 7 Service pack 1 installed. Virus warning is a FALSE POSITIVE

[psikofunkster]

Files in temporary folders don't matter. Deleting mscorlib.dll will break the particular .NET version it belonged to. Obviously blindly deleting some files is a bad thing - that's what the chest is for if you are unsure about the file.

"unsure"? im trusting my security to avast, and avast said it was a trojan so i deleted it!, and after that im the one to blame???
the file is gone... this happen many hours ago (before this thread even exist).

[doktornotor]

As this example shows, blindly trusting any tool is not good. Do not let your AV delete any files unless you are absolutely sure that they are infected. They can do no harm once quarantined in chest and more importantly they can be restored back should it turn out that they are harmless - unlike when you delete them.

[DavidR]

<snip>

Files in temporary folders don't matter. Deleting mscorlib.dll will break the particular .NET version it belonged to.

so im screwed up? cause avast told me to delete exactly that file...

Avast didn't tell you to delete anything the default action is to send it to the chest, unless you changed the default actions ?

Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt (XP location or C:\ProgramData\AVAST Software\Avast\report\FileSystemShield.txt (Vista, win7 location), using note pad as that should record the file system shield detections and you can find out what the file was.

If it was mscorlib.dll you can do a search as there are likely to be other versions on your system.

But post the detection information before trying to replace anything with one of the other mscorlib.dll files.

[psikofunkster]

<snip>

Files in temporary folders don't matter. Deleting mscorlib.dll will break the particular .NET version it belonged to.

so im screwed up? cause avast told me to delete exactly that file...

Avast didn't tell you to delete anything the default action is to send it to the chest, unless you changed the default actions ?

Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt (XP location or C:\ProgramData\AVAST Software\Avast\report\FileSystemShield.txt (Vista, win7 location), using note pad as that should record the file system shield detections and you can find out what the file was.

If it was mscorlib.dll you can do a search as there are likely to be other versions on your system.

But post the detection information before trying to replace anything with one of the other mscorlib.dll files.

no man, i didn't change anything. avast told me to reboot my system in that moment, scanned my pc (in safe mode) and then told me it was a trojan, first option is delete it....so.....

yes it was mscorlib.dl as i mentioned and yes i can find another versions...

* Informe de análisis de escudos en tiempo real de avast!
* Este archivo es generado automáticamente
*
* Iniciado el: martes, 01 de marzo de 2011 15:55:57
*

01/03/2011 03:58:25 p.m.   C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)
El siguiente error ocurrió al mover el archivo al baúl: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso
El archivo fue eliminado con éxito...

The file couldn't be move into the chest: the process doesn't have access to the file because it is being used by other process.
The file was deleted with successfully.

[doktornotor]

no man, i didn't change anything. avast told me to reboot my system in that moment, scanned my pc (in safe mode) and then told me it was a trojan, first option is delete it....so.....

Instead of continuing this absolutely unproductive "debate", how about following the advise above and finding out what you actually deleted (as opposed to what you think you might have deleted?)  

yes it was mscorlib.dl as i mentioned and yes i can find another versions...

Post the entire path to the file from the log.

[psikofunkster]

no man, i didn't change anything. avast told me to reboot my system in that moment, scanned my pc (in safe mode) and then told me it was a trojan, first option is delete it....so.....

Instead of continuing this absolutely unproductive "debate", how about following the advise above and finding out what you actually deleted (as opposed to what you think you might have deleted?)  

yes it was mscorlib.dl as i mentioned and yes i can find another versions...

Personal Message (Online)
   
   
Re: Windows 7 Service pack 1 installed. Virus warning is a FALSE POSITIVE
« Reply #78 on: Today at 01:57:26 AM »
   Reply with quoteQuote Modify messageModify
Quote from: DavidR on Today at 01:56:06 AM
Quote from: psikofunkster on Today at 01:42:08 AM
<snip>
Quote from: doktornotor on Today at 01:41:01 AM
Files in temporary folders don't matter. Deleting mscorlib.dll will break the particular .NET version it belonged to.

so im screwed up? cause avast told me to delete exactly that file...

Avast didn't tell you to delete anything the default action is to send it to the chest, unless you changed the default actions ?

Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt (XP location or C:\ProgramData\AVAST Software\Avast\report\FileSystemShield.txt (Vista, win7 location), using note pad as that should record the file system shield detections and you can find out what the file was.

If it was mscorlib.dll you can do a search as there are likely to be other versions on your system.

But post the detection information before trying to replace anything with one of the other mscorlib.dll files.



no man, i didn't change anything. avast told me to reboot my system in that moment, scanned my pc (in safe mode) and then told me it was a trojan, first option is delete it....so.....

* Informe de análisis de escudos en tiempo real de avast!
* Este archivo es generado automáticamente
*
* Iniciado el: martes, 01 de marzo de 2011 15:55:57
*

01/03/2011 03:58:25 p.m.   C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)
El siguiente error ocurrió al mover el archivo al baúl: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso
El archivo fue eliminado con éxito...

The file couldn't be moved into the chest: the process doesn't have access to the file because it is being used by other process.
The file was deleted successfully.
Post the entire path to the file from the log.

so i was wrong it was mscrolib.ni.dll

[doktornotor]

yes it was mscorlib.dl as i mentioned and yes i can find another versions...

No, it was NOT - as clearly shown in the log.

01/03/2011 03:58:25 p.m.   C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)
El siguiente error ocurrió al mover el archivo al baúl: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso
El archivo fue eliminado con éxito...

You don't need this dynamically compiled file so just move on.

[psikofunkster]

yes it was mscorlib.dl as i mentioned and yes i can find another versions...

No, it was NOT - as clearly shown in the log.

01/03/2011 03:58:25 p.m.   C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)
El siguiente error ocurrió al mover el archivo al baúl: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso
El archivo fue eliminado con éxito...

You don't need this dynamically compiled file so just move on.

so i was wrong it was mscrolib.ni.dll and??? what happens after? i deleted a file here anyway.

[doktornotor]

As already said multiple times, you do not need the NI

[psikofunkster]

As already said multiple times, you do not need the NI

Hey, don't forget im a client i paid for a full license and i didn't provoke this was avast 6, if you don't have patience you shouldn't be here. Avast should have tested their new software before releasing it so soon after a windows 7 sp1, they shouldn't have hurried up.

Thanks for your help anyway.

[doktornotor]

Hey, don't forget im a client i paid for a full license and i didn't provoke this was avast 6, if you don't have patience you shouldn't be here.
Thanks for your help anyway.

Hey, don't forget I'm doing this for free in my free time and if people do not actually read the replies and make others repeat themself over and over again they are just wasting other people's time. IOW, I am not an Avast employee. Have a nice day.

Avast should have tested their new software before releasing it so soon after a windows 7 sp1, they shouldn't have hurried up.

Kindly note that this issue has nothing to do with releasing new version, the problem was in virus database signatures update - hence it affected any Avast version.

[psikofunkster]

Hey, don't forget im a client i paid for a full license and i didn't provoke this was avast 6, if you don't have patience you shouldn't be here.
Thanks for your help anyway.

Hey, don't forget I'm doing this for free in my free time and if people do not actually read the replies and make others repeat themself over and over again they are just wasting other people's time. IOW, I am not an Avast employee. Have a nice day.

Only because you do it for free i should shut up my mouth and receive your scolding? i don't think so, take a break, relax and have a nice day too.

[doktornotor]

Only because you do it for free i should shut up my mouth and receive your scolding? i don't think so, take a break, relax and have a nice day too.

Right, scolding. Sorry to have wasted my time. Chill out, dude. 

[mikeb12]

the FP positive was on the dll....  not the exe.  the exe just triggered the dll as a service.  come on guys, it's not rocket science.

seems the avast guys would know this by now.....  where are the IT engineers?

It's a net4 service issue. analyze it it and solve it already.

I almost want to offer my services at a fee.  I've been an IT engineer for 21 yrs, with McAfee corp training, but it's not my place.

[songbird]

Gosh...people?

I am new to using Avast.
I have read the FAQ & many Help Files as I learn this software.

When I ran my Full System Scan this morning and it showed a serious Trojan Virus Threat.
#1 - I did not panic
#2 - I moved the file to the Virus Chest (that's the point...no need to delete until you know)
#3 - I Googled the Exact Virus Name & found an Avast Forum Thread
#4 - I Investigated and found MANY Avast Forum Threads pertaining to this Issue
#5 - I monitored the Forums several times throughout the day
#6 - Based on this info, I "restored" the file and ran the "Scan" again using v. 110301-2
#7 - When the Full System Scan showed the same results, I left...and went out to dinner
#8 - When I returned, I checked the Forums again
#9 - I updated to v. 110302-0...restored the file, and ran the Scan again

Yay!!!!

...and all of this without ever having to panic, run a boot-time scan, or post on these Forums
(until now - advice for all of us newbies)