
Thread: False positive zlibwapi ?

  1. #1
    Junior Member
    Join Date
    Sep 2009
    Posts
    22

    False positive zlibwapi ?

    Hi

    Spybot Search & Destroy flagged this file as being infected with Virtumonde.sdn TrojansC-04

    zlibwapi C:\WINDOWS\system32
    Version: 1.2.2
    Description: zlib data compression library
    Copyright: (C) 1995-2003 Jean-loup Gailly & Mark Adler

    Found on Windows XP sp.3

    Result from Virus total:
    MD5: 91a4eeb39ed3054f558795cfcdb13fa8
    First received: 2009.02.11 22:34:15 UTC
    Dato 2009.11.17 17:33:42 UTC [>147D]
    Resultat 0/41
    Permalink: analisis/0d38360003865e84a2842c337d7c440c8ab4c41809cc87b8758df6d852c02afc-1258479222 http://www.virustotal.com/dk/analisi...afc-1258479222
    Result from Malwarebytes' Antimalware: Nothing found

    Spybot S&D 1.6.2.46 Malware definitions updated 14. april 2010
    Spybot S&D context menu scan: Nothing found!!??

    I scanned the computer twice with same result.
    Has anybody else found this?

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Hello,

    thank you for reporting this issue.
    I can confirm this false positive; it will be corrected with the next detection update scheduled for Wednesday 2010-04-21.

    Until then please set Spybot S&D to ignore this detection via the scan results context menu.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Sep 2009
    Posts
    22


    Hi Yodama

    Thank you for looking into this.

    Do you know why there is a difference in the scanning results between Spybot S&D and the context menu scan? The context menu scan never flagged this file as infected.

    JR

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    hello,

    Spybot S&D and the context menu scan partly use different attributes during scan if not explicitly directed (by detection rule) not to.
    In case of this false positive Spybot S&D used weak detection parameters which resulted in the false positive.

  5. #5
    Junior Member
    Join Date
    Apr 2010
    Posts
    5


    I'm also getting a detection on zlibwapi.dll, but in my case, it's a different version:

    C:\WINDOWS\system32\zlibwapi.dll
    Version: 1.2.3.0
    Description: zlib data compression library
    Copyright: (C) 1995-2003 Jean-loup Gailly & Mark Adler

    MD5: 484e0b4a5cd6edba3c25231a86fcce89

    I'm hoping this is the same false detection.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    hello,

    yes, it is the same false positive.
