I have asked F-Secure about this.
I'll get back to you with their answer when I get a reply.
Cheers!
@hvtemp
PepiMK has updated his post above, if possible follow the 3 items he posted
Update:
1. Check if you're using Spybot-S&D 1.4 and NOT 1.3. The old 1.3 is not capable of checking the advanced properties and may use only the name "LAYERED_PROVIDER", and not the contents itself.
2. Could someone who has only F-Secure please email his mswsck32.dll to detections(at-sign)spybot.info, with attention to Vanvi and Patrick?
3. Someone with this installed and shown in results, could you please switch Spybot to Advanced Mode, go to Tools -> Winsock LSPs, right-click the list, copy it to clipboard and paste it here? (you can cut out everything not related to mswsck32.dll and LAYERED_something )
PepiMK,
1. I am using Spybot S&D 1.4.
2. I did a file search for mswsck32.dll on my system and no file was found. There is (as you can see below) a similar-named file "mswsock.dll" on my system, though. I don't know where Yodama came up with mswsck32.dll as neither I nor hvtemp mentioned that in our posts? I am the original poster. I have F-Secure, though my version is supplied by my Cable Provider and not purchased directly from F-Secure.
3. Here's a copy of my Winsock LSP page:
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {961B22D8-CC72-44E9-8C73-786D25884C1A}
Filename: winsflt.dll
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {20244282-0F5F-4C1F-B740-5A1E7894A699}
Filename: winsflt.dll
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {53FF899B-51DA-4826-BA9E-074F62E1AF16}
Filename: winsflt.dll
Protocol 3: RSVP UDP Service Provider
GUID: {A0C1E165-5CB2-43D2-933C-349C58E3A111}
Filename: winsflt.dll
Protocol 4: RSVP TCP Service Provider
GUID: {D32D899F-8550-4992-A946-B2CC2B69DD75}
Filename: winsflt.dll
Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 7: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 8: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B613B07-A34C-4B52-9EE3-9CDBCDD6F2EF}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B613B07-A34C-4B52-9EE3-9CDBCDD6F2EF}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3466ACD-D900-4CE0-8A07-93EEC8895374}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3466ACD-D900-4CE0-8A07-93EEC8895374}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67630850-E1F1-4FF2-BEC2-A772321452BA}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67630850-E1F1-4FF2-BEC2-A772321452BA}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D459AF6-EE81-4557-A9CC-34B5E71948CC}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D459AF6-EE81-4557-A9CC-34B5E71948CC}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2BF05593-7504-4598-BD8E-A5E7900B710F}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2BF05593-7504-4598-BD8E-A5E7900B710F}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: LAYERED_PROVIDER
GUID: {5A81F161-AF30-A1CF-8927-00AA90359F1D}
Filename: winsflt.dll
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Hmmm the only LAYERED_thing is this:
Protocol 20: LAYERED_PROVIDER
GUID: {5A81F161-AF30-A1CF-8927-00AA90359F1D}
Filename: winsflt.dll
But the filename is different, so Spybot shouldn't flag it.
Maybe Yodama came up with that name since there has been an email about it as well (I seem to remember seeing one in an inbox). Can't find anything about winsflt.dll though - shouldn't be detected that way, will have to look deeper.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
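Added example, not part of any post in this thread and not Spybot's own code: a small parser for the Winsock LSP listing format pasted above, comparing a match on the protocol name alone with one that also requires the provider file name. The rule shape and all function names are assumptions for illustration; the sample lines are an abridged copy of the listing above.

```python
import re

# Constructed sample: three entries abridged from the listing posted above.
SAMPLE = r"""
Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
DB filename: %SystemRoot%\system32\mswsock.dll
Protocol 20: LAYERED_PROVIDER
GUID: {5A81F161-AF30-A1CF-8927-00AA90359F1D}
Filename: winsflt.dll
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
"""

HEADER = re.compile(r"^(Protocol|Namespace Provider) (\d+): (.*)$")

def parse_lsp_listing(text):
    """Group 'Key: value' lines under the entry header that precedes them."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"kind": m.group(1), "index": int(m.group(2)),
                            "name": m.group(3)})
        elif entries and ": " in line:
            key, value = line.split(": ", 1)
            entries[-1][key] = value
    return entries

def dll_name(entry):
    """Lower-cased file name of the provider DLL, without any directory part."""
    return re.split(r"[\\/]", entry.get("Filename", ""))[-1].lower()

def match_name_only(entries, name):
    """Hypothetical rule that looks at the protocol name alone."""
    return [e for e in entries if e["name"] == name]

def match_name_and_file(entries, name, dll):
    """Hypothetical rule that also requires the provider DLL to match."""
    return [e for e in match_name_only(entries, name) if dll_name(e) == dll.lower()]

if __name__ == "__main__":
    entries = parse_lsp_listing(SAMPLE)
    print([e["index"] for e in match_name_only(entries, "LAYERED_PROVIDER")])
    print(match_name_and_file(entries, "LAYERED_PROVIDER", "mswsck32.dll"))
```

On this sample the name-only rule hits entry 20 (winsflt.dll), while the rule that also requires mswsck32.dll matches nothing.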
1. Am using Spybot - Search & Destroy version: 1.4 (build: 20050523)
2. Could not find any mswsck32 in computer or in text file from spybot.
3. The only thing I found was about "layered_......" See below:
Protocol 16: LAYERED_PROVIDER
GUID: {5A81F161-AF30-A1CF-8927-00AA90359F1D}
Filename: winsflt.dll
---------------------------
I tried a few online scanners.
Symantec= No Cimuz
PandaSoftware= No Cimuz
McAfee= No Cimuz
Windows Defender or Lavasoft Ad-Aware doesn't find Cimuz.
I got an answer from F-Secure:
"This is most likely a false alarm. Please locate the file that is
detected as Cimuz by Spybot S&D and send this file to us for checking.
If you can't send the file please at least send the Spybot's scanning
report file where the name and location of an infected file can be seen."
I do hope that this can help Spybot find an answer.
Regards
Mr H
I tried the 2007 30-day full demo.
With 2007: Spybot finds no Cimuz.
With 2006: it does.
hmmm...... time to upgrade F-Secure maybe?
hvtemp,
Like I said, this detection only occurs after the latest definitions update from Spybot. The previous definitions did not detect "Cimuz" even though I've been using F-Secure for months. I'm pretty sure it is correctable on Spybot's end. My version of F-Secure is bundled from my cable provider, and I don't have the budget to purchase my security suite if one is being offered me at no additional cost, so I am not at liberty to choose to pay for the 2007 version. Hopefully the fellows here can confirm to us if it is a false positive or not so we can know which direction to take.
Last edited by timzak; 2006-12-29 at 01:48.
So for those of us that don't have a backup, and who now have no internet connection after removing this false positive, does anyone have any suggestions for how to fix it?
cmcnulty:
Unless you are indicating that you have changed the default setting in Spybot to "Create backups of fixed spyware problems for easy recovery", try going into Spybot-Search & Destroy > Recovery (left pane) > locate the "Backup" for the item that you removed in the right pane (expanding the recovery item if necessary with the [+]) and check it > then click the "Recover selected items" button at the top of the right pane.
Last edited by md usa spybot fan; 2006-12-30 at 18:24.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Just an FYI, but I have "Create backups of fixed spyware problems for easy recovery" ENABLED, but when I had Spybot remove Cimuz (and lost my internet connection), it did NOT show up as a recoverable item on the Spybot Recovery page. That was the first thing I tried after discovering I lost my internet connection. I was fortunate to have a system backup to fall back on.