Supposed system virus? - Overclock.net

GH0 · 06-22-08

Well, after seeing a malware thing pop up on Avast, I decided to check my Chest.

I then noticed that three system files were in there: wsock32.dll, winsock.dll, kernel32.dll.

Now, I did check them with virus scans. Nothing seems to have appeared, here are the logs for those.

Quote:

Kernel32.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp24161 8324.tmp
FileID: 0000000001 Original file name: C:\WINDOWS\system32\kernel32.dll New folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp24161 8324.tmp\1.dll

Scan files in the temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp24161 8324.tmp
C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp24161 8324.tmp\1.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!

Quote:

winsock.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp15578 9285.tmp
FileID: 0000000002 Original file name: C:\WINDOWS\system32\winsock.dll New folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp15578 9285.tmp\2.dll

Scan files in the temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp15578 9285.tmp
C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp15578 9285.tmp\2.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!

Finally:

Quote:

Wsock32.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp23962 9379.tmp
FileID: 0000000003 Original file name: C:\WINDOWS\system32\wsock32.dll New folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp23962 9379.tmp\3.dll

Scan files in the temporary folder: C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp23962 9379.tmp
C:\DOCUME~1\Andrew\LOCALS~1\Temp\_avast4_\unp23962 9379.tmp\3.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!

Now, I tried restoring them, but that is impossible because they are always going to be in use by the system.

I just find this highly weird. Could it be possible that it is a False Positive and they will always be in there? Or is it possible that it actually is a virus?

Any help?

Grafixs · 06-23-08

Probably a virus attached itself to the host files so that the virus can help spread during boot times. i.e. the kernal32.dll

I am not much of a virus guy, but I can see how a virus, which can attach itself to a host file, and spread would easily attach to a system boot up file and spread easier without avast being in the way.

Mr_Torch · 06-23-08

Those system files are supposed to be in there, notice that they are NOT in the Infected file area. Just leave them be, they are NOT viruses. If you do some reading on Avast they will explain it all completely.

		Overclock.net - Overclocking.net > Software, Programming and Coding > Networking & Security
Supposed system virus?

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)