Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

massive mail alerts : dnsapi.dll


since this morning we have a lot of alert on PC:

File "C:\Windows\winsxs\Temp\PendingRenames\75f17bdfbd1dd401621600005c0e040d.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.


If we open the status of a PC in the console we have this entries:
Items detected Date/time Type Name Sub-type Details Reference Action taken Username 
17/07/2018 09:18:02 Virus/spyware Mal/Generic-S C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 Removed from quarantine listNT AUTHORITY\SYSTEM
17/07/2018 09:17:57 Virus/spyware Mal/Generic-S C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 Blocked NT AUTHORITY\SYSTEM

If I do a manual scan, nothing detected. Is there a chance of a false positive?

All the best.

This thread was automatically locked due to age.