High Risk?

Discussion in 'Prevx Releases' started by marse.robert, Jan 11, 2010.

Thread Status:
Not open for further replies.
  1. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi all,

    After reading the News on Google, I closed the browser and was confronted by a warning from a Prevx pop up:

    C:\Windows\system32\aepdu.dll - High Risk
    C:\Windows\system32\aeinv.dll - High Risk

    According to the powers that be, these two .dlls are Microsoft files and deleting them might cause trouble for the operating system. Has anyone else seen this?


    Marserobert
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  3. marse.robert

    marse.robert Registered Member

    Hi,

    I am afraid I cannot do as you ask! The pop up arrived without a scan which surprised me.

    I immediately checked to see if the two .dlls had any malicious history and I ascertained that they were Microsoft. I did an advanced scan on the two .dlls and Prevx did not report anything.

    I have checked in "My Prevx" under "Infections in your Network" and the two .dlls are present. They are listed as "AEINV.DLL Trojan.Vundo." and "AEPDU.DLL Trojan.Vundo"

    Is this applicable:

    "Posted by Microsoft on 18/05/2009 at 15:18
    Thank you for the suggestion. We have fixed this encompassed bug by releasing an updated AEINV.DLL file. It can be found in the toolkit download on the connect site, and addresses the false positives for UAC testing.

    Thank you for this report,
    The Windows 7 Software Logo Team ?"


    Marserobert
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    I suspect that if the DLLs were a false positive, they have already been fixed automatically - I can't see anything which would be returning malicious determinations from our database, but let me know if anything crops up again! :)
     