Insomniac

avgrsstx False positive?


This pc was just formatted yesterday, and I just scanned with Malwarebytes (it hadn't detected anything earlier today). With the latest database it flags 'acgrsstx.dll' as 'trojan.vundo'.

Is it safe to leave this, as it seems to be a file used by AVG, and I doubt this pc is infected as it has just been formatted.

Malwarebytes' Anti-Malware 1.31

Database version: 1539

Windows 6.0.6001 Service Pack 1

24/12/2008 4:43:54 PM

mbam-log-2008-12-24 (16-43-39).txt

Scan type: Quick Scan

Objects scanned: 59574

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\avgrsstx.dll (Trojan.Vundo) -> No action taken.


I would edit my post, but I can't. Anyway I just checked, and the file in question was created at the exact same time the AVG program folder was created so I highly suspect it is a FP.


My other pc is also showing the same 'infection'

I can upload the file for testing if needed.


Also, here is the developer mode log (from the second pc). The '1 item infected' text only shows up right at the end, while doing the 'extra and heuristics objects' (or something like that, can't remember the exact wording).

Malwarebytes' Anti-Malware 1.31

Database version: 1539

Windows 5.1.2600 Service Pack 3

24/12/2008 5:12:43 PM

mbam-log-2008-12-24 (17-12-40).txt

Scan type: Quick Scan

Objects scanned: 71994

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\avgrsstx.dll (Trojan.Vundo) -> No action taken. [38575351343053838075667915558679698013013627615642473748565261849084857078201961668772838484858915697777]


Good morning. Same "problem" here:

Ran quick scan in developer mode on WIN XP SP3:

Malwarebytes' Anti-Malware 1.31

Database version: 1539

Windows 5.1.2600 Service Pack 3

24/12/2008 7:18:55

mbam-log-2008-12-24 (07-18-50).txt

Scan type: Quick Scan

Objects scanned: 63640

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\avgrsstx.dll (Trojan.Vundo) -> No action taken. [38575351343053838075667915558679698013013627615642473748565261849084857078201961668772838484858915697777]


That's good to know. Kinda freaked when I saw my freshly formatted pc had an 'infection'. It doesn't help that googling the file name comes up with a site that says "DANGEROUS!" next to the file name. Further googling on more informative sites shows it is actually from AVG.

On a completely different note: I just realised I typo'd the file name in my first post. :P


I know very well what you mean: the very first time I got a FP I really panicked but Ky331 from Dell Support forums very kindly helped me out; now I first "google" the possible infection and when I'm (more or less) sure it might be a FP I run a scan in developer mode and post it and usually my mind is set at rest by Nosirrah. :P

Reason for edit: typing error, sorry.


Yes, rub it in that I can't yet edit my posts :P

One interesting thing I found: I made a copy of the file in question, put it onto my desktop and dragged it onto the Malwarebytes shortcut (the 'scan with MBAM' isn't in the right click menu on this pc for some reason). It scanned and it found nothing. I guess the reason it was flagged had something to do with its location, not the actual file contents.

Yes, rub it in that I can't yet edit my posts :P

I thought it only fair to let them know why I needed to edit my post (genuine reason and nothing dodgy :) ).


My, we are getting off topic :P

I wonder what exactly triggered this FP? I mean, I know MBAM is very touchy about .exe files in places they shouldn't be, but this is a .dll in a folder with literally hundreds of .dlls. Why this one and no other?


Fixed with version 1540.

Malwarebytes' Anti-Malware 1.31

Database version: 1540

Windows 5.1.2600 Service Pack 3

24/12/2008 16:19:11

mbam-log-2008-12-24 (16-19-11).txt

Scan type: Quick Scan

Objects scanned: 63369

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Thanks.

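An added example, not part of any post in this thread: a small Python parser for the log layout posted above that groups detections across several logs and reports which database versions and Windows builds flagged a file and the first later database whose log no longer lists it. The sample logs are constructed and trimmed, the `[123456]` suffix is a placeholder for the developer-mode value, and `cleared_in` only means the later log did not list the detection, not that the file was confirmed clean.

```python
import re

# Constructed logs in the layout posted in this thread, trimmed to the fields parsed.
LOGS = [
    "Database version: 1539\nWindows 6.0.6001 Service Pack 1\nFiles Infected: 1\n"
    "Files Infected:\nC:\\Windows\\System32\\avgrsstx.dll (Trojan.Vundo) -> No action taken.\n",
    "Database version: 1539\nWindows 5.1.2600 Service Pack 3\nFiles Infected: 1\n"
    "Files Infected:\nC:\\WINDOWS\\system32\\avgrsstx.dll (Trojan.Vundo) -> No action taken. [123456]\n",
    "Database version: 1540\nWindows 5.1.2600 Service Pack 3\nFiles Infected: 0\n",
]

DB_RE = re.compile(r"^Database version: (\d+)", re.M)
OS_RE = re.compile(r"^Windows (\S+)", re.M)
# "<path> (<detection>) -> <action>." with an optional developer-mode "[digits]" suffix.
HIT_RE = re.compile(r"^([A-Za-z]:\\[^\r\n]*?) \(([^()\r\n]+)\) -> ([^.\r\n]+)\.", re.M)


def parse_log(text):
    """Return database version, OS build and detections from one MBAM log."""
    db, os_build = DB_RE.search(text), OS_RE.search(text)
    if not db or not os_build:
        raise ValueError("not an MBAM log: missing database or Windows line")
    # Paths are lowercased so C:\Windows and C:\WINDOWS group together.
    hits = [(p.lower(), name, action) for p, name, action in HIT_RE.findall(text)]
    return {"db": int(db.group(1)), "os": os_build.group(1), "hits": hits}


def summarize(texts):
    """Group detections by (path, name): which databases and OS builds flagged
    them, and the first later database version whose log no longer shows them."""
    logs = [parse_log(t) for t in texts]
    out = {}
    for log in logs:
        for path, name, _ in log["hits"]:
            entry = out.setdefault((path, name), {"dbs": set(), "os": set(), "cleared_in": None})
            entry["dbs"].add(log["db"])
            entry["os"].add(log["os"])
    for key, entry in out.items():
        later = [l["db"] for l in logs if l["db"] > max(entry["dbs"])
                 and key not in {(p, n) for p, n, _ in l["hits"]}]
        entry["cleared_in"] = min(later) if later else None
    return out
```
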

Hi Guys,

I have been plagued with problems with Windows Explorer locking up consistently and from the error message, I was able to track the problem down to System Mechanic files. The response back from Iolo, makers of System Mechanic was as follows:

The makers of AVG Antivirus released an update over the weekend that mistakenly flagged System Mechanic files as false positives, quarantining them to AVG's Virus Vault. Although they have corrected the issue over the weekend, it is necessary for customers to perform any of the following.....

So it turned out that AVG was causing its own problem - and it seems like you have been having the same deal here.... :)

Regards,

Peter

