Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Supposed system virus?
New Posts  All Forums:Forum Nav:

Supposed system virus?

post #1 of 3
Thread Starter 
Well, after seeing a malware thing pop up on Avast, I decided to check my Chest.

I then noticed that three system files were in there: wsock32.dll, winsock.dll, kernel32.dll.

Now, I did check them with virus scans. Nothing seems to have appeared, here are the logs for those.
Quote:
Kernel32.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p241618324.tmp
FileID: 0000000001 Original file name: C:\\WINDOWS\\system32\\kernel32.dll New folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p241618324.tmp\\1.dll

Scan files in the temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p241618324.tmp
C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p241618324.tmp\\1.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
Quote:
winsock.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p155789285.tmp
FileID: 0000000002 Original file name: C:\\WINDOWS\\system32\\winsock.dll New folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p155789285.tmp\\2.dll

Scan files in the temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p155789285.tmp
C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p155789285.tmp\\2.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
Finally:

Quote:
Wsock32.dll Log:

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p239629379.tmp
FileID: 0000000003 Original file name: C:\\WINDOWS\\system32\\wsock32.dll New folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p239629379.tmp\\3.dll

Scan files in the temporary folder: C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p239629379.tmp
C:\\DOCUME~1\\Andrew\\LOCALS~1\\Temp\\_avast4_\\un p239629379.tmp\\3.dll -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
Now, I tried restoring them, but that is impossible because they are always going to be in use by the system.

I just find this highly weird. Could it be possible that it is a False Positive and they will always be in there? Or is it possible that it actually is a virus?

Any help?
Gaming
(23 items)
 
  
CPUMotherboardGraphicsGraphics
AMD Phenom II X6 1090T Crosshair IV Formula GTX 560 GTX 580 
RAMRAMRAMRAM
G. Skill F3-12800CL6D-4GBPI G. Skill F3-12800CL6D-4GBPI G. Skill F3-12800CL6D-4GBPI  G. Skill F3-12800CL6D-4GBPI 
Hard DriveHard DriveHard DriveOptical Drive
Seagate Hard Drive Seagate Hard Drive Crucial M4 SSD Sony Optiarc 
CoolingOSMonitorMonitor
Corsair H70 Windows 7 Professional x64 ASUS VH242H 23" Monitor ASUS VH242H 23" Monitor 
MonitorKeyboardPowerCase
Samsung SyncMaster 906BW 19" Monitor Logitech G15 Corsair 1K PSU Lian-Li 70A 
MouseMouse PadAudio
Logitech Performance MX Razer Vespula HT Omega Pro+ 
  hide details  
Reply
Gaming
(23 items)
 
  
CPUMotherboardGraphicsGraphics
AMD Phenom II X6 1090T Crosshair IV Formula GTX 560 GTX 580 
RAMRAMRAMRAM
G. Skill F3-12800CL6D-4GBPI G. Skill F3-12800CL6D-4GBPI G. Skill F3-12800CL6D-4GBPI  G. Skill F3-12800CL6D-4GBPI 
Hard DriveHard DriveHard DriveOptical Drive
Seagate Hard Drive Seagate Hard Drive Crucial M4 SSD Sony Optiarc 
CoolingOSMonitorMonitor
Corsair H70 Windows 7 Professional x64 ASUS VH242H 23" Monitor ASUS VH242H 23" Monitor 
MonitorKeyboardPowerCase
Samsung SyncMaster 906BW 19" Monitor Logitech G15 Corsair 1K PSU Lian-Li 70A 
MouseMouse PadAudio
Logitech Performance MX Razer Vespula HT Omega Pro+ 
  hide details  
Reply
post #2 of 3
Probably a virus attached itself to the host files so that the virus can help spread during boot times. i.e. the kernal32.dll

I am not much of a virus guy, but I can see how a virus, which can attach itself to a host file, and spread would easily attach to a system boot up file and spread easier without avast being in the way.
EITM
(13 items)
 
  
CPUMotherboardGraphicsRAM
E3110 @ 3.8 DFI X48 T2R Sapphire 4870 OC'd 4GB Gskill DDR2-1066 
Hard DriveOSMonitorKeyboard
Seagate 500GB 7200.11 32MB Win 7 Home Professional 64-Bit 24" Dell WFP2407 Logitech G15 v2.0 
PowerCaseMouse
Raidmax 700w Rocketfish Modded 6 fan design Logitech G5 
  hide details  
Reply
EITM
(13 items)
 
  
CPUMotherboardGraphicsRAM
E3110 @ 3.8 DFI X48 T2R Sapphire 4870 OC'd 4GB Gskill DDR2-1066 
Hard DriveOSMonitorKeyboard
Seagate 500GB 7200.11 32MB Win 7 Home Professional 64-Bit 24" Dell WFP2407 Logitech G15 v2.0 
PowerCaseMouse
Raidmax 700w Rocketfish Modded 6 fan design Logitech G5 
  hide details  
Reply
post #3 of 3
Those system files are supposed to be in there, notice that they are NOT in the Infected file area. Just leave them be, they are NOT viruses. If you do some reading on Avast they will explain it all completely.
Torch's Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6750 w/G0 ASUS P5KC Sapphire HD5770 1GB 4 GB G.Skill DDR3 1333 
Hard DriveOptical DriveOSMonitor
ADATA S510 120GB SSD, (2)Samsung F3 1TB, Seaga... Asus SATA DVD LinuxMint 13 x86 w/Mate Asus 23" HD 1080p HDMI LED LCD 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 610w PC Power & Cool Silencer Rosewill Blackbone Logitech G400 
Mouse Pad
DOLICA 
  hide details  
Reply
Torch's Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
E6750 w/G0 ASUS P5KC Sapphire HD5770 1GB 4 GB G.Skill DDR3 1333 
Hard DriveOptical DriveOSMonitor
ADATA S510 120GB SSD, (2)Samsung F3 1TB, Seaga... Asus SATA DVD LinuxMint 13 x86 w/Mate Asus 23" HD 1080p HDMI LED LCD 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 610w PC Power & Cool Silencer Rosewill Blackbone Logitech G400 
Mouse Pad
DOLICA 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Supposed system virus?