Need User Feedback: Suspected F/P of FakeAlert



rain40
2008-09-23, 19:45
I'm hoping this is a false positive (more after the report)


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information!

()


FakeAlert: [SBI $809CB161] Library (File, nothing done)
C:\WINDOWS\msvideo.dll


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2005-11-06 unins000.exe (51.41.0.0)
2008-07-12 unins001.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2007-08-31 _SpybotSD.exe (1.5.1.15)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-09-02 Includes\Adware.sbi
2008-09-09 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-09-02 Includes\Dialer.sbi
2008-09-09 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-09-02 Includes\Hijackers.sbi
2008-09-02 Includes\HijackersC.sbi
2008-09-09 Includes\Keyloggers.sbi
2008-09-09 Includes\KeyloggersC.sbi
2008-09-09 Includes\Malware.sbi (*)
2008-09-16 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi
2008-09-11 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-09-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-09-02 Includes\Spyware.sbi
2008-09-16 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-09-16 Includes\Trojans.sbi
2008-09-16 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)

Using the right-click context scan on the file results in the malware portion detecting FakeAlert, though the heuristic (which I understand is being worked on) detects nothing.

Something somewhat unexpected was, when I copied msvideo.dll to a folder I've set aside for possible false positives (for ease of locating at a later date) the copy was not considered bad by the single file scan or the full scan (after I added the folder for possible false positives as a download directory for the purpose of the scan) though the original file still tested positive with both. I ran the copy through some online scans (which came back negative) before I noticed the above, so I'll understand if you want me to try sending the original through them.

Finally, the description SpyBot gives indicates that FakeAlert creates an autorun entry but I don't see anything that arouses my suspicion.

Buster
2008-09-25, 08:58
Please send this file to detections@spybot.info for further analysis. Thanks in advance! :-)