anchor

Is This a False Positive?


Adware.Vundo/Variant-X32[Header]

and it was residing in C:\WINDOWS\U2X00_32.DLL

Should it be restored?


Someone has suggested that it could be related to the drivers for the Umax scanner, and as I do have this scanner then that just may be the answer.


Someone has suggested that it could be related to the drivers for the Umax scanner, and as I do have this scanner then that just may be the answer.

Hi anchor.

Does the scanner function correctly with the file in quarantine?

Here are two options:

1) Restore the file, upload it to Virus Total, then post the results:

http://www.virustotal.com/

2) Restore the file, run a SAS scan, then select the file and choose, "Report False Positive".


Adware.Vundo/Variant-X32[Header]

and it was residing in C:\WINDOWS\U2X00_32.DLL

Should it be restored?

Yes, this is definitely a false positive. I just had it detected today myself and reported it to SAS as a FP. I've had a UMAX scanner (from the Win98 days) and it still works very well. The file "U2x00.DLL" resides in the Windows directory and is dated on my PC as created 6/3/2007 (when I installed it on my new XP system). The modified date shows: 7/24/2000... so it's a really old file. I even uploaded it to VirusTotal and every single scanner says it's clean. Hopefully SAS will update the definitions to correct this.

Hope this helps.

See partial screen shot below:

post-11431-127007123433_thumb.jpg


Yes, this is definitely a false positive. I just had it detected today myself and reported it to SAS as a FP. I've had a UMAX scanner (from the Win98 days) and it still works very well. The file "U2x00.DLL" resides in the Windows directory and is dated on my PC as created 6/3/2007 (when I installed it on my new XP system). The modified date shows: 7/24/2000... so it's a really old file. I even uploaded it to VirusTotal and every single scanner says it's clean. Hopefully SAS will update the definitions to correct this.

Hope this helps.

See partial screen shot below:

Thanks Rick.

SAS will update the definitions accordingly.


I restored the file anyway. When I look in properties now, the creation date is now the date I restored it. Is that normal? The last modified date is still the date it was originally.


I restored the file anyway. When I look in properties now, the creation date is now the date I restored it. Is that normal? The last modified date is still the date it was originally.

Yeah, that's fine. The file date doesn't really matter. On my file date it shows the date I installed the file(s) on my newer PC. The modification date will probably show the original creation date. Not sure what version of UMAX scanner you have (mine is a UMAX Astra 2100u). Modification date shows 7/24/2000.

Hope this helps.


This file is still being falsely detected as of today even after updates. See image below which shows the normal place it resides (Windows) plus my backup location in ZZTEMP. Of course I did not remove it.

post-11431-127021646703_thumb.jpg


This file is still being falsely detected as of today even after updates. See image below which shows the normal place it resides (Windows) plus my backup location in ZZTEMP. Of course I did not remove it.

Yeah, thanks for that.

Mine is a UMAX #0160 Scanner, purchased around 2000.

I was asked on here to remove the file to quarantine to see if there is a reaction, and if there was then I would just restore it back, but as we probably know anyway that it is a false positive then SAS should really be taking steps to remove it from being detected.

I wonder how long it will take for SAS to update the defs?

It doesn't matter what program version is used as the program in general uses the same update files, perhaps someone from SAS will confirm this?


I started a separate thread, but I'm wondering if my below issues are because of the variant and whether it is the same one as mentioned in this thread.

I use Firefox, but after quarantining some adware I'm having problems opening some links on websites. If I click on a link to open a new tab, sometimes it comes up as double click gif image and other times it comes up as go.url (gif image 1x1 pixels). Sometimes if I double-click quickly the link works; other times the link works OK. This has just started happening after the quarantine, so I'm wondering if it's connected, as some of the adware are the double click gif image I mentioned above and one is adware.vundo variant- launch. Does that have anything to do with it, and maybe it's been quarantined when it shouldn't have?


I started a separate thread, but I'm wondering if my below issues are because of the variant and whether it is the same one as mentioned in this thread.

Have you tried restoring the file and see if you still have these problems?

You can always quarantine it again if need be.


No, I haven't. I wondered if I should, but I'm not sure what the Vundo variant is. I've googled but found nothing that confirms one way or the other, so I was a bit worried in case it was something serious.

This topic is now closed to further replies.
