Mal/Generic-S detection during Windows update (dnsapi.dll): Resolved

Sophos has finished investigating detection’s of Mal/Generic-S reported by a small number of customers during a Windows update. Customers may see the following alert:

File "C:WindowswinsxsTempPendingRenames3975a596a21dd4018d1900007047c43d.wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_4ab46d1fe69c9ba2_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.

This has been determined to be a temporary file which is created during the update and not the final dnsapi.dll file.

File hash SHA1: 1024959e01ae4365eea1adb74dc9a58be228ca2e

SHA256: 4672c44629f38eabbf3b797866ab9f65bf0a99af49c204bc5c7ee75def3418b1

The Windows update involved was: KB4338818. There is no known impact caused by this issue and Windows Update reports the computer is up to date afterwards.

This issue is known to affect Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 only.

The issue was resolved Last July 17 2018 (11:15 UTC). Any new detection’s will be the result of cached data and can be ignored.

If you are still experiencing detection’s for this issue and are concerned please contact Sophos Support.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.


  • No Related Posts

Leave a Reply