AVG forum

Question

False Positive with Canon Software? Or Virus Infested SW?

by njunear / May 19, 2012 12:20 PM PDT

After 7-1/2 years using the Canon File Viewer Utility that came as part of the software included with my Canon digital camera, AVG has determined one of the core files was a virus and shut the program using that core file down.

So, I decided to download the latest version of the Canon software drivers. And AVG has now decided that one of the drivers in that program has the virus Win32/DH{ZAc}. I cannot find any information about this virus except from untrusted sources.

The affected program is A0011868.dll. The previous file was cdsdk2ap.dll

I have temporarily overcome the situation by choosing to ignore the file in the Residential Scan area, but need to know if there is a proper fix for this.

Even the original file on the software CD shows as positive.

I have done an online scan and it showed no virus activity on my computer.

I did a Google search, but most answers want you to download a 'fix' for the problem and I'm not about to do that, as none of the sites are familiar to me. I searched for information on the A0011868.dll and found no source of information I trusted (CNET returned "We're sorry, we couldn't find any search results for 'A0011868.dll'." Microsoft's website returned the same result.

I just installed the program from a Canon site direct download, so I'm a little concerned about which site to trust. Does AVG have the correct information about the file or is Canon passing on virus infested files?

I'm running Windows XP Pro SP3 with AVG Free 2012.0.2176 with virus database 2425/5010, Link Scanner Version 1037, and AVG Security Toolbar version: 11.0.0.9.

Thanks,

Kent

Answer This Ask For Clarification
Discussion is locked
You are posting a reply to: False Positive with Canon Software? Or Virus Infested SW?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: False Positive with Canon Software? Or Virus Infested SW?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
Answer
Try this
by mchainmchain / May 19, 2012 4:06 PM PDT

Go to virus total dot com and scan your file with 40+ virus scanners here: https://www.virustotal.com/index2.html

Copy and paste the resulting scan url at AVG forum; if it is a false positive, report that file to AVG via uploading it through the quarantine folder. You can also paste the url here as well, if you wish.

Refer to your AVG program documentation on how to report a file as a false positive.

Anything more than three positive results is borderline for a malware result.

Collapse -
Answer
Re: False Positive with Canon Software? Or Virus Infested SW
by Ondrej_AVG / May 20, 2012 4:41 PM PDT

Hello njunear,

Unfortunately I was not able to find the Canon utility to download and get mentioned file for closer analysis by our virus specialists.

Can you please follow these instructions to provide us with mentioned file, so our virus analysts can analyze that file and remove false positive detection, if incorrectly detected?

Thank you for your cooperation

Collapse -
False Positive Apparently Fixed with Latest AVG Update
by njunear / May 22, 2012 3:43 AM PDT

Hello Ondrej_AVG:

I completed update today at 13:06 EDT. Previous update was this morning at 0030 EDT. Apparently problem has been fixed. The file on which AVG was triggering was in the "C:\System Volume Information" directory. After the update, I completed two scans on the entire folder because even with SysAdmin privileges, I could not gain access to the individual contents of the directory. The two scans of the folder yielded the results "Scan Finished...no threats were found."

I don't know if that is because AVG had already made the file inaccessible and even AVG could not access it, or because the problem with the file was fixed, or because AVG identified a false positive and fixed it.

If the file, or a similar file triggers AVG again, I'll post again.

Best regards,

Kent

Collapse -
Re: False Positive Apparently Fixed with Latest AVG Update
by Ondrej_AVG / May 22, 2012 4:34 PM PDT

Hello Kent,

Please be informed that only scheduled scan (which is being run with SYSTEM rights) is able to scan content of "C:\System Volume Information" folder (if the access rights are not modified manually). Because common whole computer scan is run with rights of logged user and he (even Administrator) has no access to a few system folders.

In case of any other questions, please feel free to ask here again.

Thank you

Collapse -
False Positive Not really Fixed
by njunear / May 23, 2012 12:17 AM PDT

Hello Ondrej:

You are correct. The scheduled scans flagged the suspect file again, whereas even the Anti-Rootkit scan is not signaling a problem. I'll continue my research and see if other product flag the files as problematic.

Best regards,

Kent

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Smartphone tip

Hoarding photos on your phone?

Those picture are hogging memory and could be slowing down your phone.