sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT
·Qwest.net
·Comcast Formerly ..

FP with Trojan Hunter?

I just finished updating AVG Free, defs from 8/24/07, and Trojan Hunter, defs from 8/25/07, and while AVG comes up clean Trojan Hunter flags this: Found trojan file: C:\Program Files\Grisoft\AVG Free\avgmvfl.dll (Generic.LdPinch.A)

Anyone else seeing this and is it a FP?

Sammy

MagnusM
Premium
join:2001-07-07

Re: FP with Trojan Hunter?

This is almost certainly a false positive. Could you email the file to support@misec.net for analysis?
--
Mischel Internet Security
http://www.misec.net

sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT

Re: FP with Trojan Hunter?

File sent.

Thanks Magnus.

Sammy

hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
Magnus, hello and kudos for stoppin by

MagnusM
Premium
join:2001-07-07

Thanks, file received and analyzed. This is indeed a false positive and I've uploaded corrected signatures. Run LiveUpdate and this file should no longer be detected on your next scan.
--
Mischel Internet Security
http://www.misec.net

sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT

1 edit

Re: FP with Trojan Hunter?

Thank you Magnus!

sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT
·Qwest.net
·Comcast Formerly ..

Now I get this when I do a full scan with the latest updated defs:

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Error: Error while scanning C:\DELL\MEDIAEXE\PXCPYI64.EXE: Unknown machine type: 0x200 (C:\DELL\MEDIAEXE\PXCPYI64.EXE)
Error: Error while scanning C:\DELL\MEDIAEXE\PXHELP64.SYS: Unknown machine type: 0x200 (C:\DELL\MEDIAEXE\PXHELP64.SYS)
Error: Error while scanning C:\DELL\MEDIAEXE\PXINSI64.EXE: Unknown machine type: 0x200 (C:\DELL\MEDIAEXE\PXINSI64.EXE)
Error: Error while scanning C:\DELL\PXCPYI64.EXE: Unknown machine type: 0x200 (C:\DELL\PXCPYI64.EXE)
Error: Error while scanning C:\DELL\PXHELP64.SYS: Unknown machine type: 0x200 (C:\DELL\PXHELP64.SYS)
Error: Error while scanning C:\DELL\PXINSI64.EXE: Unknown machine type: 0x200 (C:\DELL\PXINSI64.EXE)
Error: Error while scanning C:\I386\PMSPL.DLL: This is not a PE format
Error: Error while scanning C:\I386\pxcpyi64.exe: Unknown machine type: 0x200 (C:\I386\pxcpyi64.exe)
Error: Error while scanning C:\I386\pxinsi64.exe: Unknown machine type: 0x200 (C:\I386\pxinsi64.exe)
Error: Error while scanning C:\WINDOWS\SYSTEM32\PMSPL.DLL: This is not a PE format
Error: Error while scanning C:\WINDOWS\SYSTEM32\pxcpyi64.exe: Unknown machine type: 0x200 (C:\WINDOWS\SYSTEM32\pxcpyi64.exe)
Error: Error while scanning C:\WINDOWS\SYSTEM32\pxinsi64.exe: Unknown machine type: 0x200 (C:\WINDOWS\SYSTEM32\pxinsi64.exe)
No trojan files found



Mind you.... the files listed above have always been on this machine and have never been flagged before.

Sammy

MagnusM
Premium
join:2001-07-07

Ah... this has to do with support for scanning 64-bit executables that was recently added. The scanner doesn't recognize the machine type flag in the files listed above and throws an error. Of course, that shouldn't be happening so I will fix this ASAP.

If anyone is interested in the technical explanation, the files that give this error are files with machine type IMAGE_FILE_MACHINE_IA64, which is the Itanium architecture. This is separate from the x64 (AMD-64) architecture which is just the regular 64-bit format, which is why it was omitted.

Thanks Sammy for reporting this! I will upload a corrected version to the servers in the next 30 minutes.
--
Mischel Internet Security
http://www.misec.net
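
The machine-type check described in the post above, as an added example that is not Trojan Hunter's code or part of the original thread. It reads the PE `Machine` field and reports an unrecognised value or a non-PE file as a skip status instead of an error; the function names and the stub images are constructed for illustration, and the three machine constants are the values from the PE/COFF specification.

```python
import struct

# Machine constants from the PE/COFF specification (winnt.h names).
MACHINES = {
    0x014C: "IMAGE_FILE_MACHINE_I386",
    0x0200: "IMAGE_FILE_MACHINE_IA64",   # Itanium, the 0x200 in the scan log
    0x8664: "IMAGE_FILE_MACHINE_AMD64",  # x64
}

def pe_machine(data: bytes):
    """Return (status, machine) for a file image.

    status is "ok", "not-pe" or "unknown-machine". Nothing is raised, so one
    unusual file cannot abort a scan or fill its report with errors."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ("not-pe", None)
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ("not-pe", None)
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    if machine not in MACHINES:
        return ("unknown-machine", machine)
    return ("ok", machine)

def make_stub(machine, signature=b"PE\0\0"):
    """Constructed sample: DOS header, signature, 20-byte COFF file header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + signature + struct.pack("<H", machine) + bytes(18)

def describe(data):
    """One report line per file, with skips kept distinct from detections."""
    status, machine = pe_machine(data)
    if status == "ok":
        return MACHINES[machine]
    if status == "unknown-machine":
        return f"skipped: unrecognised machine type 0x{machine:04X}"
    return "skipped: not a PE image"

if __name__ == "__main__":
    for m in (0x014C, 0x0200, 0x8664, 0x1234):
        print(describe(make_stub(m)))
    # An MZ file whose second header is not "PE\0\0" (constructed).
    print(describe(make_stub(0x0200, signature=b"NE\0\0")))
```
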

sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT
·Qwest.net
·Comcast Formerly ..

Re: FP with Trojan Hunter?

Thank you again Magnus, all is well in snakeland again as shown:

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
No trojan files found

Sammy

La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
Wow, talk about a quick response and fix. Awesome!! Just another reason why I like TH.