Author Topic: Virus or FP  (Read 4404 times)

0 Members and 1 Guest are viewing this topic.

Ludiq94

  • Guest
Virus or FP
« on: December 15, 2011, 04:04:30 PM »
Hi. Few minutes ago Avast alert me for virus but i think its FP. Here is the results from VirusTotal.

razoreqx

  • Guest
Re: Virus or FP
« Reply #1 on: December 15, 2011, 04:08:07 PM »
Hi. Few minutes ago Avast alert me for virus but i think its FP. Here is the results from VirusTotal.

Wow you got something up on VT?    Ive had issues with that site for two days now :(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Re: Virus or FP
« Reply #2 on: December 15, 2011, 04:24:13 PM »
It could well be a FP. What did you scan? The definition came up in 2006 with DrWeb, again recently and there is a ClamAV definition dating from 2007. If it is a valid detection, it could be spyware/banload as seen from the MD5 hash.
Also see: http://www.internetsecurityzone.com/Entities/RTCOMDLL
Background task: http://www.backgroundtask.eu/Systeemtaken/taakinfo/81816/RTCOMDLL.dll/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Virus or FP
« Reply #3 on: December 15, 2011, 04:26:56 PM »
Hi. Few minutes ago Avast alert me for virus but i think its FP. Here is the results from VirusTotal.

What scan found this ?
What was the malware name ?

Was this about 8 minutes after boot ?

The strange thing being that avast doesn't detect it on the VT scan, so I suspect it is the anti-rootkit scan 8 minutes after boot (hence my last question).

This file name is associated with - RealTek audio codec DLL file. Though the file name doesn't necessarily mean it is that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ludiq94

  • Guest
Re: Virus or FP
« Reply #4 on: December 15, 2011, 04:48:51 PM »
I just scanned my PC with Malwarebytes' Anti-Malware and after 3-4 minutes Avast alert me that RTCOMDLL.dll is infected with Win32:Malware-gen.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Virus or FP
« Reply #5 on: December 15, 2011, 06:13:05 PM »
How long after boot was this ?
As scanning with MBAM shouldn't have resulted in this alert ?

So you hadn't specifically initiated an avast scan ?

If you right click on the avast tray icon, select 'Show last popup message,' what does that show (screenshot if it might be easier (attach to the post, using the Additional Options).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ludiq94

  • Guest
Re: Virus or FP
« Reply #6 on: December 15, 2011, 10:38:22 PM »
How long after boot was this ?
As scanning with MBAM shouldn't have resulted in this alert ?

So you hadn't specifically initiated an avast scan ?

If you right click on the avast tray icon, select 'Show last popup message,' what does that show (screenshot if it might be easier (attach to the post, using the Additional Options).

Few hours after boot. I just wanted to scan my PC with MBAM and during the scan avast alert me for Virus in file RTCOMDLL.dll. I haven't scan with Avast. As to "Show last popup message" i can't see the message because now it show that Avast has updated.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Virus or FP
« Reply #7 on: December 15, 2011, 10:47:39 PM »
Looks like the act of MBAM opening the file to scan it has triggered a File System Shield scan, if you check the avastUI, Real-Time Shields, File System Shield, it should show the last file infected (if you haven't rebooted).

That should give the location also, what was that ?

Did you send it to the avast chest ?
The strange thing as I mentioned is that avast didn't detect it in the VT scan. However that is showing a previous scan from December 9th, which in virus terms is a long time so it probably said this has been scanned before.

If it does it is always best to have it scan the file again.

I have that file and I have scanned my copy RTCOMDLL.dll MD5: C650FF877B54943F99826F4100F61CA9 file size 256 KB (262,144 bytes) 19 November 2007, 09:12:58. So I don't know if this is the same as yours (doesn't appear so as the two VT scans yours and mine have different MD5s) ?

VT results for my RTCONDLL.DLL 0 detections, the same as my avast scan, image1. Ensure that you have the latest avast virus signatures and scan it again.
« Last Edit: December 15, 2011, 10:55:30 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ludiq94

  • Guest
Re: Virus or FP
« Reply #8 on: December 16, 2011, 11:56:30 AM »
I don't know how but now everything is fine.  :)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Virus or FP
« Reply #9 on: December 16, 2011, 01:03:44 PM »
neither do I but be thankful ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security