Thread: Suspected F/P of FakeAlert

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    3

    Suspected F/P of FakeAlert

    I'm hoping this is a false positive (more after the report)

    Code:
    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! 
    
    ()
      
    
    FakeAlert: [SBI $809CB161]  Library (File, nothing done)
      C:\WINDOWS\msvideo.dll
    
    
    --- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---
    
    2008-07-07 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-08-18 TeaTimer.exe (1.6.2.23)
    2005-11-06 unins000.exe (51.41.0.0)
    2008-07-12 unins001.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2007-08-31 _SpybotSD.exe (1.5.1.15)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2008-09-02 Includes\Adware.sbi
    2008-09-09 Includes\AdwareC.sbi
    2008-06-03 Includes\Cookies.sbi
    2008-09-02 Includes\Dialer.sbi
    2008-09-09 Includes\DialerC.sbi
    2008-07-23 Includes\HeavyDuty.sbi
    2008-09-02 Includes\Hijackers.sbi
    2008-09-02 Includes\HijackersC.sbi
    2008-09-09 Includes\Keyloggers.sbi
    2008-09-09 Includes\KeyloggersC.sbi
    2008-09-09 Includes\Malware.sbi (*)
    2008-09-16 Includes\MalwareC.sbi (*)
    2008-09-02 Includes\PUPS.sbi
    2008-09-11 Includes\PUPSC.sbi
    2007-11-07 Includes\Revision.sbi
    2008-06-18 Includes\Security.sbi
    2008-09-02 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2008-09-02 Includes\Spyware.sbi
    2008-09-16 Includes\SpywareC.sbi
    2008-06-03 Includes\Tracks.uti
    2008-09-16 Includes\Trojans.sbi
    2008-09-16 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    
    
    
    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
     / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
     / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
     / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
     / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
     / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
     / Windows / SP1: Microsoft National Language Support Downlevel APIs
     / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
     / Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
     / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
     / Windows XP: Security Update for Windows XP (KB923689)
     / Windows XP: Security Update for Windows XP (KB941569)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
     / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
     / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
     / Windows XP / SP2: Windows XP Service Pack 2
     / Windows XP / SP3: Windows XP Service Pack 3
     / Windows XP / SP4: Security Update for Windows XP (KB938464)
     / Windows XP / SP4: Security Update for Windows XP (KB946648)
     / Windows XP / SP4: Security Update for Windows XP (KB950760)
     / Windows XP / SP4: Security Update for Windows XP (KB950762)
     / Windows XP / SP4: Security Update for Windows XP (KB950974)
     / Windows XP / SP4: Security Update for Windows XP (KB951066)
     / Windows XP / SP4: Update for Windows XP (KB951072-v2)
     / Windows XP / SP4: Security Update for Windows XP (KB951376)
     / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
     / Windows XP / SP4: Security Update for Windows XP (KB951698)
     / Windows XP / SP4: Security Update for Windows XP (KB951748)
     / Windows XP / SP4: Update for Windows XP (KB951978)
     / Windows XP / SP4: Hotfix for Windows XP (KB952287)
     / Windows XP / SP4: Security Update for Windows XP (KB952954)
     / Windows XP / SP4: Security Update for Windows XP (KB953839)

    Using the right-click context scan on the file results in the malware portion detecting FakeAlert, though the heuristic (which I understand is being worked on) detects nothing.

    Something somewhat unexpected was that, when I copied msvideo.dll to a folder I've set aside for possible false positives (for ease of locating at a later date), the copy was not considered bad by the single file scan or the full scan (after I added the folder for possible false positives as a download directory for the purpose of the scan), though the original file still tested positive with both. I ran the copy through some online scans (which came back negative) before I noticed the above, so I'll understand if you want me to try sending the original through them.

    Finally, the description Spybot gives indicates that FakeAlert creates an autorun entry, but I don't see anything that arouses my suspicion.

  2. #2
    Buster (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Please send this file to detections@spybot.info for further analysis. Thanks in advance! :-)
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.
