ersatz
Trooper
Joined: Apr 29, 2004 Posts: 15 Location: USA
Posted: Tue Oct 31, 2006 11:30 pm Post subject: AVG 7.5 detects sporder.dll as trojan - true or not?

I updated AVG on 10/30/06 to version 7.5.
This version's first scan detected a sporder.dll as "Trojan horse Downloader.Agent.GPZ" (see details at bottom).
AVG deleted the file which was found in 2 locations and placed backup copies in the vault.
I also ran Trend Micro's online scan, and during the scan, an AVG virus alert popped up. This time this same trojan was identified as a different file in system restore (see details at bottom). Trend Micro found no trojans.
Further, when attempting to run the Trend Micro scan the first time, an Explorer error alert popped up indicating Explorer needed to shut down. I rebooted my computer, and the Windows disk verification function began to run. (This verification has happened each time I've tried rebooting since the AVG file detection.)
I suspected the AVG detections might be false, so I shut down my computer for the night, expecting to find the explanation today.
Yesterday, I had no success in identifying this trojan (Downloader.Agent.GPZ). However, there seems to be a lot of confusion about the sporder.dll file - needed for Windows to run, trojans attach to it, etc.
Today, I still cannot find anything pertinent to the AVG files detected. Further, after I manually updated AVG's definitions, my cordless keyboard and mouse stopped working. After about 2 hours and reinstalling the cordless mouse drivers, I was able to restore them both. I don't know if this problem is unrelated, but I can say that this has never happened before.
Can someone please advise me what to do about these files AVG has detected?
Thanks...
--------------------------------
AVG - 7.5.428 (7.5 installed 10/30/06 - updated defs 10/31/06)
--------------------------------
Files detected during AVG 7.5 first scan
(automatically deleted/copies in vault) -
Object name sporder.dll
Object path C:\WINDOWS\system32\ActiveScan\
Discovery Trojan horse Downloader.Agent.GPZ
Date of detection 10/31/2006 2:50:36 AM
File size 9.27 KB (9488 bytes)
Healable No
Source Backup copy
Object name sporder.dll
Object path C:\WINDOWS\LastGood\System32\ActiveScan\
Discovery Trojan horse Downloader.Agent.GPZ
Date of detection 10/31/2006 2:50:36 AM
File size 9.27 KB (9488 bytes)
Healable No
Source Backup copy
--------------------------------
File detected during Trend Micro scan (moved to vault) -
Object name A0132495.dll
Object path C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP949\
Discovery Trojan horse Downloader.Agent.GPZ
Date of detection 10/31/2006 4:54:27 AM
File size 9.27 KB (9488 bytes)
Healable No
Source Moved object
--------------------------------
My system/security -
Windows XP Home SP1
Mozilla Firefox 1.5.0.7 (never use Explorer)
AVG 7.5.428
Zone Alarm 6.5.737.000
CWShredder v2.19
SpywareBlaster 3.5.1
AdAware SE Personal Build 1.06r1 (defs loaded - SE1R129 26.10.2006)
ewido 4.0.0.172
Webroot Window Washer 6.0 (Build 6.0.2.466)
--------------------------------
_________________
If it ain't broke, don't fix it.

nosirrah
Security Expert Special Response Team
Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Wed Nov 01, 2006 3:20 pm

STATUS: SCANNING
File "sporder.dll" received on 11.01.2006 at 16:16:05 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
AVG 386 11.01.2006 no virus found
You are good to go.

ersatz
Trooper
Joined: Apr 29, 2004 Posts: 15 Location: USA
Posted: Wed Nov 01, 2006 10:55 pm

Thank you so much for the verification, nosirrah.
This "bug" or error, or whatever it is, has caused a lot of us who depend on AVG a great deal of time, trouble, and frustration.
Hopefully, today's AVG rather large update has rectified the problem.
Thanks again...
_________________
If it ain't broke, don't fix it.

dp
Microsoft MVP AVG Host
Joined: Mar 12, 2002 Posts: 416
Posted: Thu Nov 02, 2006 2:17 pm

ersatz wrote: "Hopefully, today's AVG rather large update has rectified the problem."
Good to hear you are now trouble free. The f/p was corrected in yesterday's definition update(s). Noticed from your initial post that you are using 7.5.428. There has been a program update. You may want to upgrade to 7.5.430 so you're using the latest scanning engine (this is done through the program).
_________________
Microsoft MVP Consumer Security, 2004-2008

ziggys8
Cadet
Joined: Feb 05, 2007 Posts: 3 Location: USA
Posted: Mon Feb 05, 2007 5:13 pm Post subject: delete files in vault? Also shell & kernel changes daily

Hi,
I'm afraid I don't understand the answer to the posted question but I have a similar or the same problem.
A virus, Trojan Horse Downloader.Agent.GPZ, was found on 11/06. The object is sporder.dll in Temp/Isscan and also Windows/system32/activescan.
The viruses are in the vault and cannot be healed. I am running the latest version of AVG.
My question is can I now delete those files? Since the scan detected them on 11/06 and does not come up in new scans does that mean they are eliminated?
My other concern is that now AVG detects shell32.dll and kernel32.dll as being changed each day I run a scan. It's listed under changed/infected.
Is this normal? Should I be concerned?
Thanks so much to a total novice to these problems.
Ziggy
PS: Not sure if I should post my second question as a new topic?

dp
Microsoft MVP AVG Host
Joined: Mar 12, 2002 Posts: 416
Posted: Mon Feb 05, 2007 7:15 pm Post subject: Re: delete files in vault? Also shell & kernel changes da

ziggys8 wrote: "A virus, Trojan Horse Downloader.Agent.GPZ, was found on 11/06. The object is sporder.dll in Temp/Isscan and also Windows/system32/activescan.
The viruses are in the vault and cannot be healed. I am running the latest version of AVG.
My question is can I now delete those files? Since the scan detected them on 11/06 and does not come up in new scans does that mean they are eliminated?"
Nothing in the Vault can do any harm to your system. Based on the locations that you present (sporder.dll in Temp/Isscan and also Windows/system32/activescan), they can be deleted from the vault or left alone as they can do no harm.
ziggys8 wrote: "My other concern is that now AVG detects shell32.dll and kernel32.dll as being changed each day I run a scan. It's listed under changed/infected.
Is this normal? Should I be concerned?
Thanks so much to a total novice to these problems.
Ziggy
PS: Not sure if I should post my second question as a new topic?"
That will happen after doing Windows Updates or having run Scandisk to correct disk errors. The only time that you need to worry is if they also show as infected.
_________________
Microsoft MVP Consumer Security, 2004-2008

ziggys8
Cadet
Joined: Feb 05, 2007 Posts: 3 Location: USA
Posted: Thu Feb 08, 2007 5:10 am

Hello Dp and thank you for the replies. What a relief.
My computer is only 5 months old so I get a bit concerned.
It's impossible to stay ahead of the bad guys without the good guys, (that's You), helping us out.
The files that I mention are listed under virus Results, Results/Changed, Status/ Changed. But they do not show up in the vault. Thanks again!
Ziggy