
AVG false positive

Posted: Mon Nov 10, 2008 5:38 am
by evasive
If it wants to remove user32.dll because of a PSW banker4 infection, please DO NOT LET IT REMOVE THAT.

Update to the latest definitions and do a new scan.

Posted: Mon Nov 10, 2008 3:39 pm
by Karlsweldt
Nice to know of that oddity. The file [user32.dll] should be resident in at least three locations, all identical.. and at least a year or more of age. If a very recent date (just a few days), then a Trojan or virus may have 'molested' it!
So far, my AVG has not posted the file with a warning.
The file is on the OS install disk [i386].. in compressed format. The OS install would extract and configure it, with the install date.

Posted: Tue Nov 11, 2008 2:04 am
by evasive
Might be handy to collect some originals of them in various flavours/languages for the toolkit :o