Need User Feedback: Probable false positives.



pickwick
2008-10-02, 13:48
Using the right-click scan, Spybot is showing the following files in system32 to be infected:

COMCTL32.OCX with Stablaster.MemoryWatcher.b

docprop.dll with Fraud.PCHealth

Npptools.dll with Protexis.RecOnServer

rundll32.exe with Win32.Delf.rtk

sc.exe with Win32.Hupigon.C

I initially scanned rundll32.exe because it had appeared in my Comodo firewall trying to go online. On my old Windows 98 computer I was used to the Norton pop-out flag telling me rundll.exe was going online, but in XP I have not known rundll32.exe to go online. It was using its correct parent program, explorer.exe. Nod32 scanned it as clean and the standard Spybot scan for problems was also giving the all clear for the system. Right-clicking on the file using the Spybot scan brought a result of Malware nothing found, but heuristics gave the infected result. As rundll32.exe showed no infection on both the Total Virus and the Jotti sites, I decided to scan the whole system32 folder with the right-click Spybot scan. The results from that scan are above; again they were all heuristic results, and again Total Virus and Jotti cleared all the files. Surely the Spybot results must be false positives, apart from my slight doubt about rundll32.exe; there are no indications of computer problems or other unusual activities with the firewall.

Apart from Nod32, Comodo and Spybot with TeaTimer running, I also use a-squared free, Ad-Aware, BOClean, SpywareBlaster and WinPatrol. I have active scripting disabled in Internet Explorer; I only enable it when absolutely necessary on very specific sites. For ActiveX I use prompts and generally block it for most sites. I use Total Virus and Jotti if I have any uncertainty about a specific file accessing the Internet. I do full system scans on a daily basis.

Windows XP Home SP2

Internet Explorer 7

Spybot version 1.6.0.30 Last detection update 24/9/08

tashi
2008-10-02, 16:21
Hello,

Please follow the instructions here, How to report False Positives, (http://forums.spybot.info/showthread.php?t=19117) so that a detective has the information necessary to make a determination.

Best regards.

pickwick
2008-10-02, 18:04
Hi, I presume the information required must be the Spybot log. Do you mean the log from a standard scan, as the right-click scan doesn't appear to save any record and the standard scan comes up clear? Thanks.

Yodama
2008-10-06, 08:15
Hello,

Please email the Spybot S&D Report from the standard scan and also email the files in question, namely:

COMCTL32.OCX
docprop.dll
Npptools.dll
rundll32.exe
sc.exe

In your email, make a reference to this thread. Please email to detections@spybot.info