Mal/Generic-S detection during Windows update (dnsapi.dll) – Resolved

Sophos is currently investigating detections of Mal/Generic-S reported by a small number of customers during a Windows update. Customers may see the following alert:

File “C:\Windows\winsxs\Temp\PendingRenames\3975a596a21dd4018d1900007047c43d.wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_4ab46d1fe69c9ba2_dnsapi.dll_c81f5791” belongs to virus/spyware ‘Mal/Generic-S’.

This has been determined to be a temporary file which is created during the update and not the final dnsapi.dll file.

File hash SHA1: 1024959e01ae4365eea1adb74dc9a58be228ca2e

SHA256: 4672c44629f38eabbf3b797866ab9f65bf0a99af49c204bc5c7ee75def3418b1

The Windows update involved was: KB4338818. There is no known impact caused by this issue and Windows Update reports the computer is up to date afterwards.

This issue is known to affect Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 only.

The issue was resolved earlier today (11:15 UTC). Any new detections will be the result of cached data and can be ignored.

If you are still experiencing detections for this issue and are concerned, please contact Sophos Support.
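A triage check for this alert, added here as an example (it is not Sophos code): a detection is treated as this known issue only when the detection name, the temporary servicing path and the SHA256 published above all match. It assumes the published hashes are those of the detected temporary file and that the alert path uses ordinary Windows backslashes; the function names and the second sample alert are constructed for illustration.

```python
import hashlib
import re

# Values published in this article.
KNOWN_SHA256 = "4672c44629f38eabbf3b797866ab9f65bf0a99af49c204bc5c7ee75def3418b1"
DETECTION = "Mal/Generic-S"

# Alert wording as shown in this article; straight or curly quotes are accepted.
ALERT_RE = re.compile(
    r"File\s+[\"“](?P<path>.+?)[\"”]\s+belongs to virus/spyware\s+['‘](?P<name>[^'’]+)['’]")
# Temporary servicing copy: ...\winsxs\Temp\PendingRenames\<id>.<component>_dnsapi.dll_<suffix>
TEMP_RE = re.compile(
    r"^[a-z]:\\windows\\winsxs\\temp\\pendingrenames\\[^\\]*_dnsapi\.dll_[0-9a-f]+$", re.IGNORECASE)

# Constructed sample alerts: the first reuses the path from this article, the second is made up.
SAMPLE_FP = (r"File “C:\Windows\winsxs\Temp\PendingRenames\3975a596a21dd4018d1900007047c43d."
             r"wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_"
             r"4ab46d1fe69c9ba2_dnsapi.dll_c81f5791” belongs to virus/spyware ‘Mal/Generic-S’.")
SAMPLE_OTHER = r"File “C:\Users\Public\dnsapi.dll” belongs to virus/spyware ‘Mal/Generic-S’."

def parse_alert(line):
    """Return (path, detection_name) from one alert line, or None if it does not parse."""
    m = ALERT_RE.search(line)
    return (m.group("path"), m.group("name")) if m else None

def sha256_of(path):
    """SHA256 of a file on disk, read in chunks (for a quarantined or restored copy)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(line, sha256=None):
    """Return 'known-fp', 'needs-hash' or 'investigate' for one alert line."""
    parsed = parse_alert(line)
    if not parsed:
        return "investigate"
    path, name = parsed
    if name != DETECTION or not TEMP_RE.match(path):
        return "investigate"      # same file name elsewhere is not this issue
    if sha256 is None:
        return "needs-hash"       # path matches, but the hash has not been checked yet
    return "known-fp" if sha256.lower() == KNOWN_SHA256 else "investigate"

if __name__ == "__main__":
    for line in (SAMPLE_FP, SAMPLE_OTHER):
        print(classify(line, KNOWN_SHA256), "<-", line[:60])
```

Pass the hash reported by the endpoint console, or the result of `sha256_of()` on a copy of the detected file, as the second argument to `classify()`.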
