AVG false positive

Help and Discussion

Moderator: The Mod Squad

Post Reply
User avatar
evasive
Mobo-fu Master
Mobo-fu Master
Posts: 37629
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands
Contact:

AVG false positive

Post by evasive »

if it wants to remove user32.dll because of a PSW banker4 infection please DO NOT LET IT REMOVE THAT.

Update to the latest definitions and do a new scan

http://freeforum.avg.com/read.php?7,155461#msg-155501
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
User avatar
Karlsweldt
Mobo-fu Master
Mobo-fu Master
Posts: 20868
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Post by Karlsweldt »

Nice to know of that oddity. The file [user32.dll] should be resident in at least three locations, all identical.. and at least a year or more of age. If a very recent date (just a few days), then a Trojan or virus may have 'molested' it!
So far, my AVG has not posted the file with a warning.
The file is on the OS install disk [i386].. in compressed format. The OS install would extract and configure it, with the install date.
[email protected] to solve mankind's maladies.. in our lifetimes!
User avatar
evasive
Mobo-fu Master
Mobo-fu Master
Posts: 37629
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands
Contact:

Post by evasive »

might be handy to collect some originals of them in various flavours/languages for the toolkit :o
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
Post Reply