Full Version: another question re Win32.TrojanDropper.Delf
dsr2
Hi,

I've been reading the various threads on the false positive Win32.TrojanDropper.Delf and just wanted to confirm the same thing has happened on my PC. After running a full scan, Ad-Aware quarantined C:\WINDOWS\SYSTEM32\mfc70u.dll. I deleted this file (before seeing the threads indicating it was a FP), re-started, and ran a full scan again. This time, it quarantined C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP659\A0042431.dll and identified it as Win32.TrojanDropper.Delf also. I didn't delete the file this time. I re-started my PC and ran a full scan a third time which came up clean.

Is the A0042431.dll file just the system restore file and a false positive as well? I didn't manually tell Ad-Aware to set a restore point, so I'm just wondering. Please advise how I should proceed and whether I need to post logs. Thanks.
LS CalamityJane
Hi dsr2,

Thank you for posting! Yes, both cases are this false positive. Yes, we do need to see the scan logs in case the file was in multiple locations. We can help restore this, but if you would post the logs we can be more accurate.

Here is the guide for how to find and post those logs (the name always starts with "scan"):
http://www.lavasoftsupport.com/index.php?showtopic=18033
dsr2
I've attached the logs. Thanks for your help!

Edit: The attachments don't seem to be working. I'll have to re-post these later.
LS Pekka
QUOTE(dsr2 @ Jul 20 2009, 03:07 AM)
Hi,

I've been reading the various threads on the false positive Win32.TrojanDropper.Delf and just wanted to confirm the same thing has happened on my PC. After running a full scan, Ad-Aware quarantined C:\WINDOWS\SYSTEM32\mfc70u.dll. I deleted this file (before seeing the threads indicating it was a FP), re-started, and ran a full scan again. This time, it quarantined C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP659\A0042431.dll and identified it as Win32.TrojanDropper.Delf also. I didn't delete the file this time. I re-started my PC and ran a full scan a third time which came up clean.

Is the A0042431.dll file just the system restore file and a false positive as well? I didn't manually tell Ad-Aware to set a restore point, so I'm just wondering. Please advise how I should proceed and whether I need to post logs. Thanks.


Hi dsr2!

Here are some answers to your questions:

Q1. Is the A0042431.dll file just the system restore file and a false positive as well?
A1. The A0042431.dll file that is detected in System Restore (associated with a previous system restore point) is the "System Restore representation" of the falsely detected mfc70u.dll.

Q2. Please advise how I should proceed?

A2:

This false positive has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.

In order to restore the mfc70u.dll you may follow the instructions provided at:
http://www.lavasoftsupport.com/index.php?showtopic=26395
When you have restored the deleted object from the Ad-Aware quarantine you can create a new system restore point (if you choose to do so).

Thanks for posting the log files.

I hope that you find the provided information helpful.

Regards,

LS Pekka

Lavasoft Malware Labs
