
False Positive Perhaps In Avg7.5


#1 Wenta69


  • Members
  • 1 posts
  • Local time:02:53 AM

Posted 04 November 2006 - 11:58 AM

I upgraded recently to AVG 7.5 free version (on a Win XP, Service Pack 2 computer). On the first virus check, AVG detected a problem; it identified the file sporder.dll in the Windows\system32\ActiveScan folder. Because the file was not in system32 itself, I was not too worried. Then I discovered that the sporder.dll file (at least, the legitimate version of it) is apparently a Winsock 2 related file, and that some of my XP Service Pack 2 friends DO have sporder.dll in their [uninfected] Windows/system32 folders. Some sites even offer you the chance to download the legitimate sporder.dll to put in your Windows/system32 area if you do not have it. (I notice that there is now a sporder.dll file in my AVG Programs folder; but my AVG Virus Vault is empty.) Spybot in its Tools/WinsockLSPs display reports no problems on my computer. I suppose my question is: should a good XP Service Pack 2 computer ALWAYS have a genuine copy of sporder.dll in its Windows/system32 folder, or does the file only get there in certain circumstances? The file specs of the legitimate sporder are apparently "WinSock2 reorder service providers; file version: 5.0.2134.1".

Thanks to BC for helping with so many problems.



#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,565 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:53 PM

Posted 07 November 2006 - 08:33 PM

Hello Wenta69, First let me say welcome to BC. Take a look at these links.

Link > AVG Forum

There are legitimate and malware versions of this file... only scanning them will tell you if they are malware or not. If they scanned and nothing flagged them, you are OK.

Now more about the ones you did find... these are known spyware related trojans... that means that an antivirus program will detect and remove the trojan but there is more to spyware than just that... use antispyware utils to help clean up the rest (if any) of the spyware components that may exist.

Here is a post about how I prefer to clean a system. These instructions also include cleaning spyware, which often is as bad or worse than many viruses, as well as other useful information: HOW TO CLEAN AN INFECTED COMPUTER.

If you suspect a file to be a false positive, test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on.

More info and a download of the file here


Edited by boopme, 07 November 2006 - 08:57 PM.
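
The comparison discussed in posts #1 and #2, as an added example that is not from any poster in this thread: a PowerShell script that lists every copy of sporder.dll, reports its version resource against the description and version quoted in post #1, and computes a SHA-256 hash so that copies can be told apart and checked with an online scanner. It assumes PowerShell 5.1 or later; the search roots and variable names are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Expected values are the ones quoted in post #1.
$expectedDescription = 'WinSock2 reorder service providers'
$expectedVersion     = '5.0.2134.1'

# Assumed search roots: the Windows directory (covers system32 and
# system32\ActiveScan) and Program Files (post #1 mentions a copy in the AVG folder).
$roots = @($env:SystemRoot, $env:ProgramFiles) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$files = Get-ChildItem -Path $roots -Filter 'sporder.dll' -Recurse -File -ErrorAction SilentlyContinue

$report = foreach ($file in $files) {
    $info        = $file.VersionInfo
    $description = "$($info.FileDescription)".Trim()
    $version     = "$($info.FileVersion)".Trim()
    $signature   = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        Path        = $file.FullName
        Size        = $file.Length
        Modified    = $file.LastWriteTime
        Description = $description
        FileVersion = $version
        # Version strings are plain resources that anyone can copy into a file,
        # so a match narrows things down but does not prove the file is genuine.
        MatchesPost = ($description -eq $expectedDescription) -and
                      ($version -like "$expectedVersion*")
        # A status other than Valid is not proof of malware either; older
        # redistributable DLLs are often unsigned.
        Signature   = $signature.Status
        Signer      = if ($signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { '' }
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

$report | Format-List

# Copies that share a name but not a hash are different files and should be
# scanned individually.
$report | Group-Object SHA256 |
    Select-Object Count, Name, @{ Name = 'Paths'; Expression = { $_.Group.Path -join '; ' } } |
    Format-List
```

Run it from an account that can read the folders being searched; directories that cannot be read are skipped silently.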


#3 sultan_emerr


  • Members
  • 46 posts
  • Location:EL Abdula Oasis
  • Local time:08:53 PM

Posted 08 November 2006 - 03:27 AM

You can always double-check the results with a free online scan.
