Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 4 subscribers
  • Views 20572 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

massive mail alerts : dnsapi.dll

CHU-Brugmann

Hello,

since this morning we have a lot of alert on PC:

File "C:\Windows\winsxs\Temp\PendingRenames\75f17bdfbd1dd401621600005c0e040d.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.

 

If we open the status of a PC in the console we have this entries:
Items detected Date/time Type Name Sub-type Details Reference Action taken Username 
17/07/2018 09:18:02 Virus/spyware Mal/Generic-S C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 Removed from quarantine listNT AUTHORITY\SYSTEM
17/07/2018 09:17:57 Virus/spyware Mal/Generic-S C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 Blocked NT AUTHORITY\SYSTEM

If I do a manual scan, nothing detected. Is there a chance of a false positive?

All the best.



This thread was automatically locked due to age.
Parents
  • 0

    We are getting the same alert from Sophos here.  It seems like a false positive on that dll, which looks like it is being updated as part of a Windows Update.

  • 0 in reply to BPAC_NM

    Can you tell what Windows Updates were pushed out today.

     

    Also other than the detection is there any impact caused by this? does the Windows Update break for example?

  • 0 in reply to PeterM

    We pushed out this months batch of Windows Updates, and we only saw it on our Windows 7 installs (all x64).

    Doesn't appear to be affecting the computers as far as I can tell, plus we haven't had any more alerts since the initial batch all between 12:04pm and 12:08pm.  Enterprise Console isn't listing any computers with alerts, so maybe it was just a temporary moment of confusion.

Reply
  • 0 in reply to PeterM

    We pushed out this months batch of Windows Updates, and we only saw it on our Windows 7 installs (all x64).

    Doesn't appear to be affecting the computers as far as I can tell, plus we haven't had any more alerts since the initial batch all between 12:04pm and 12:08pm.  Enterprise Console isn't listing any computers with alerts, so maybe it was just a temporary moment of confusion.

Children
Unfiltered HTML