
Thread: JESTERTB.DLL possible false positive

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default JESTERTB.DLL possible false positive

    Upon running my weekly scan today Spybot is flagging c:\windows\JESTERTB.DLL as virtumonde.sdn
    This file comes up clean by Avast, Trojan Hunter, SAS & MBAM.
    Submitted file to Virus Total - shows 0\41 (see attached)
    Submitted file to Jotti - shows 0\19 (see attached)

    Suggest this may be a false positive. Can supply copy if you wish.

    Windows XP-Pro SP3 fully patched.

    --- Search result list ---
    Virtumonde.sdn: [SBI $043FD2D1] Library (File, nothing done)
    C:\WINDOWS\JESTERTB.DLL
    Properties.size=21504
    Properties.md5=56DF1B6C087D4B9C0AB2318F226D3040
    Properties.filedate=1241085852
    Properties.filedatetext=2009-04-30 11:04:12

    Much obliged.
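
An added example, not part of the original post and not Spybot's own code: before relying on multi-scanner results for a suspected false positive, confirm that the file you submitted is the same one the report flagged by comparing size and MD5 against the report entry. It assumes the `Properties.key=value` layout shown in the post and that `filedate` is epoch seconds; the function names and the stand-in file are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Report entry copied from the first post of this thread.
REPORT = r"""Virtumonde.sdn: [SBI $043FD2D1] Library (File, nothing done)
C:\WINDOWS\JESTERTB.DLL
Properties.size=21504
Properties.md5=56DF1B6C087D4B9C0AB2318F226D3040
Properties.filedate=1241085852
Properties.filedatetext=2009-04-30 11:04:12
"""

def parse_entry(text):
    """Return (detection, path, properties) for one report entry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    props = {}
    for ln in lines[2:]:
        if ln.startswith("Properties.") and "=" in ln:
            key, value = ln[len("Properties."):].split("=", 1)
            props[key] = value
    return lines[0].split(":", 1)[0], lines[1], props

def filedate_utc(props):
    """Render the filedate field (assumed epoch seconds) as a UTC timestamp."""
    ts = datetime.fromtimestamp(int(props["filedate"]), tz=timezone.utc)
    return ts.strftime("%Y-%m-%d %H:%M:%S")

def matches_report(file_path, props):
    """True only if the file's size and MD5 both equal the reported values."""
    if os.path.getsize(file_path) != int(props["size"]):
        return False
    digest = hashlib.md5()  # identifier only, same algorithm as the report
    with open(file_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper() == props["md5"].upper()

def demo():
    """Constructed stand-in of the reported size: size matches, MD5 must not."""
    props = parse_entry(REPORT)[2]
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"\x00" * int(props["size"]))
    try:
        return matches_report(tmp.name, props)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(parse_entry(REPORT), filedate_utc(parse_entry(REPORT)[2]), demo())
```

The `filedate` value renders as 10:04:12 UTC, one hour behind the `filedatetext` field, so the text form in this report is not UTC; keep that in mind when correlating it with other timestamps.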

  2. #2
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default post

    To Team Spybot: Should I send in a copy of this file for your analysis?

    Cheers

    Gandalf

  3. #3
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default post

    Quote Originally Posted by Gandalf View Post
    To Team Spybot: Should I send in a copy of this file for your analysis?

    Cheers

    Gandalf
    I have sent the file in question for analysis.

    Gandalf

  4. #4
    Junior Member
    Join Date
    Jun 2010
    Posts
    1

    Default I Have The Same

    I have the same one here. Please post results of false positive analysis.

    Thanks

  5. #5
    Senior Member
    Join Date
    May 2009
    Posts
    236

    Default

    @@Gandalf

    Could you post the actual VirusTotal and Jotti links of the results?

    Also, see JESTERTB.DLL, Prevx. Do you have Notepad++ installed?

  6. #6
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default post

    Quote Originally Posted by AKFubar View Post
    I have the same one here. Please post results of false positive analysis.

    Thanks
    When they let me know, yes with pleasure.

    Quote Originally Posted by Gopher John View Post
    @@Gandalf

    Could you post the actual VirusTotal and Jotti links of the results?

    Also, see JESTERTB.DLL, Prevx. Do you have Notepad++ installed?
    Those virus-total and jotti attachments in my initial post are current - see dates.

    I do not have Notepad ++ onboard.

    Cheers

    Gandalf

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default

    Quote Originally Posted by Gandalf View Post
    When they let me know, yes with pleasure.



    Those virus-total and jotti attachments in my initial post are current - see dates.

    I do not have Notepad ++ onboard.

    Cheers

    Gandalf
    I have just had the file re-scanned at Virus Total and Jotti

    Virus Total
    http://www.virustotal.com/analisis/3...2e5-1277048229

    Jotti
    http://virusscan.jotti.org/en/scanre...3ab2dd26b06690

  8. #8
    Senior Member
    Join Date
    May 2009
    Posts
    236

    Default

    Quote Originally Posted by Gandalf View Post
    Thanks for posting the links. This allows others to see the results exactly as you see them.

    Apparently, JESTERTB.DLL has had a lot of false positives over the years by many antivirus and antimalware programs. A lot of results were returned on a Google search.

  9. #9
    Junior Member
    Join Date
    Oct 2005
    Location
    Cheshire, UK
    Posts
    8

    Default

    Quote Originally Posted by Gopher John View Post
    Thanks for posting the links. This allows others to see the results exactly as you see them.

    Apparently, JESTERTB.DLL has had a lot of false positives over the years by many antivirus and antimalware programs. A lot of results were returned on a Google search.
    Hence my posting here GT.

    Gandalf

  10. #10
    Junior Member
    Join Date
    Jun 2010
    Posts
    1

    Default

    I chose to remove it, and after restarting Windows Spybot started automatically analysing the system. Is it normal?
