View Full Version : FP - Win32.Zhelatin.k ?



Mr_JAk3
2007-07-03, 22:34
Hiya :)

I think that this is a false positive (case here (http://forums.spybot.info/showthread.php?t=15458)):


Win32.Zhelatin.k
Settings
HKEY_USERS\S-1-5-21-3293823761-4021508746-2703944788-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\x\greeting card.exe


Seems that the ArcSoft (http://www.arcsoft.com/products/greetingcardcreator/) also has a program which uses a file named "greeting card.exe". It is the same filename as Zhelatin.k uses :fear:

:bigthumb:

Yodama
2007-07-05, 08:36
hi,

thanks for reporting, it is a false positive and will be corrected with the next update scheduled for next week.

Mr_JAk3
2007-07-05, 18:57
OK thank you :bigthumb:

Benzmum
2007-07-18, 00:37
Hi there. I gather Tashi's reopened this forum for me because I'm getting alerts about that trojan again. I sent the following to her:


I had a discussion going that's now closed - http://forums.spybot.info/showthread...070458&t=15458 - and the team decided I was getting a "false positive." I'd like some reassurance please. I was told that this would be corrected in a week, but I'm still getting notifications from Spybot that I have a trojan called Win32.Zhelatin.k, with the same registry key cited. Can you confirm that this is still nothing to worry about, and that the team hasn't yet had a chance to take Win32.Zhelatin.k off its hit list?:sad:

Yodama
2007-07-18, 12:51
thank you for reporting,
this will be corrected with the update this week, it looks like we skipped the trojans.sbi last week :oops:

But you need not be concerned about detections showing MuiCache, those are actually usagetracks and will be treated as such in the near future.
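
Added example, not part of the thread and not Spybot's own code: a small triage routine showing why a file-name match under MUICache, as in the finding reported above, is weak evidence on its own. The signature name set, the sample findings, the file facts and the publisher-based heuristic are all constructed assumptions.

```python
import ntpath

# XP-era location of the shell's MUICache; value names under it are the
# paths of executables the shell has launched (a usage track).
MUICACHE = r"\software\microsoft\windows\shellnoroam\muicache" + "\\"

def triage(finding, signature_names, file_facts):
    """Classify a scanner finding written as 'registry key\\value name'.

    signature_names: lowercase file names a hypothetical signature matches.
    file_facts: constructed evidence, lowercase path ->
                {"exists": bool, "publisher": str or None}.
    """
    pos = finding.lower().find(MUICACHE)
    if pos == -1:
        return "not a usage track: review normally"
    recorded_path = finding[pos + len(MUICACHE):]
    if ntpath.basename(recorded_path).lower() not in signature_names:
        return "usage track: no signature name involved"
    facts = file_facts.get(recorded_path.lower())
    if facts is None or not facts["exists"]:
        return "usage track: name match, file absent (stale trace)"
    if facts["publisher"]:
        return "usage track: name match, signed file (likely false positive)"
    return "usage track: name match, unsigned file (inspect the file itself)"

# Constructed sample data (placeholder SID, paths and publisher).
SIGNATURE_NAMES = {"greeting card.exe"}
PREFIX = r"HKEY_USERS\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows"
FINDINGS = [
    PREFIX + r"\ShellNoRoam\MUICache\C:\Cards\greeting card.exe",
    PREFIX + r"\ShellNoRoam\MUICache\C:\Temp\greeting card.exe",
    PREFIX + r"\ShellNoRoam\MUICache\C:\Tools\editor.exe",
    PREFIX + r"\CurrentVersion\Run\updater",
]
FILE_FACTS = {
    r"c:\cards\greeting card.exe": {"exists": True, "publisher": "Example Vendor"},
}

def run_samples():
    """Triage every constructed finding and return the verdicts in order."""
    return [triage(f, SIGNATURE_NAMES, FILE_FACTS) for f in FINDINGS]

if __name__ == "__main__":
    for finding, verdict in zip(FINDINGS, run_samples()):
        print(verdict, "<-", finding)
```
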

Benzmum
2007-07-19, 07:05
Thanks, Yodama. I'm reassured.:bigthumb:

Benzmum
2007-07-22, 06:45
Hi Jake. Can I still post here? I want to ask about the various software packages you advised me to install (ATF Cleaner, SpywareBlaster, MVPS Hosts). I did so, and other than auto updates for firefox, windows and java nothing else has changed on my system. But this is what I've got on two separate occasions this past week:

Windows Virtual Memory Minimum Too Low
Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help.

I've had my computer for 6 years and never seen this alert before. I checked the help & support feature, and was advised to set my virtual memory paging file to "system managed size," so I did that. But I'm wondering why I would get that message. I tend to run about four applications at once, sometimes more, but I only had Outlook, Firefox and Word open at the time (other than the various anti-virus/-malware packages operating in the background).

So I'm asking if any of those packages (ATF, SpywareBlaster & MVPS) could have upset my system. The last unusual thing I did was use ATF to clean out all the "selected files" yesterday. What do you think?

(Should I be posting somewhere else?)

Mr_JAk3
2007-07-22, 20:59
Hello Benzmum :)

Sorry for the delay...


Ok the MVPS Hosts might slow your computer down especially if you didn't follow the advice in the "Editors note"-section:

http://www.mvps.org/winhelp2002/hosts.htm


Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.

To resolve this issue (manually) open the "Services Editor"

* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, or Disabled (recommended) click Apply/Ok and restart.

ATF Cleaner and SpywareBlaster shouldn't slow down the computer.

Let me know if it helped :)

Benzmum
2007-07-23, 06:20
OK, I've set the Startup type to disabled - thanks. But I'm wondering what that's got to do with Virtual Memory being too low. I understand that my machine would be slowed down if I didn't change the DNS Client setting, but I thought the alert I was getting meant I was running out of useable memory. Can you explain this for me, please?

Mr_JAk3
2007-07-23, 18:29
Hello :)

When the service is enabled and running with a big hosts file it will eat tons of memory. This caused the "Virtual Memory being too low" message.

:bigthumb:

Benzmum
2007-07-24, 03:27
Hah! Got it. Thanks so much for explaining all that to me, Jake.:crowned:

Mr_JAk3
2007-07-24, 19:04
You're very welcome :D:

Benzmum
2007-07-27, 04:11
I just got that Virtual Memory Minimum Too Low alert again. Sorry to be a pest, but it seems like there's one befuddling thing after another. I double-checked my DNS Client and it does indeed have Disabled as its Startup Type. I've looked at more of the info on the mvps site as well, but it only confuses me further.

What do you think? :sad:

Mr_JAk3
2007-07-27, 21:49
Ok I'd like to see the fresh HijackThis log. It is possible, though, that you just don't have enough memory.

Please post a fresh HijackThis log to the topic I re-opened -> http://forums.spybot.info/showthread.php?t=15458

:bigthumb: