strix

false positive?

10 posts in this topic

Hi, can anyone help me to determine if this is a legit threat or just a false positive (before I go through the painstaking process of changing all my passwords...)?

Infected file:

C:\WINDOWS\mplayerplgn.dll (Trojan.BHO) -> No action taken.

Registry:

HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> No action taken.

All from a quick scan. Full scan came up with an additional file:

mfc42u.dll as malware.packer.gen, from The Sage dictionary. False positive?


The same files with a quickscan:

Files:

C:\WINDOWS\mplayerplgn.dll (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

Registry:

HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]

HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> No action taken. [85DCBDB239B2414800501F44D3EAAE86]


This has been in our database for a very long time with no reports. It would be helpful to have a copy of mplayerplgn.dll to take a look at. Zip and attach it to your next post, please.

I have fixed the FP in the next update; I only need the file to double-check something.


Thanks for the heads-up. However, MBAM doesn't find the file now that the registry keys are quarantined. Is it harmless, or should I remove it to be sure?


I see. Avira AntiVir comes up with nothing either (apart from my accelfix). In any case, should I be worried that my passwords are leaked, or is it a "light" threat?


It's not a password stealer, as far as I know, so a light threat, I guess.
