
Thread: Win32/Malum.AFIT Infection Query

  1. #1
    kygs Guest

    Win32/Malum.AFIT Infection Query

    Hi,
    Today my ZoneAlarm Security Suite (version 6.5.737.000) reported to have found a virus infection for
    Win32/Malum.AFIT in Windows\System32\madCHook.dll

    It's been quarantined, but when I click on the "More Info" button on the Anti Virus Quarantined View for this infection it reports that there's no information to be found about this type of infection.

    Has anyone else had this particular infection detected by ZoneAlarm Security Suite?
    And, if it is a true, known-about virus, how come I can't find any info on it?

    Any help gratefully received!

    Cheers.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 6.5

  2. #2
    Join Date: Nov 2004, Location: localhost, Posts: 17,291

    Re: Win32/Malum.AFIT Infection Query

    Hi!
    You can find general info on Malum family here:
    http://www3.ca.com/securityadvisor/v....aspx?ID=41829
    Or just google "win32.malum" to get other info on the specific infections.
    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    kygs Guest

    Re: Win32/Malum.AFIT Infection Query

    Cheers for that.

    Having done more Google-ing on the affected file "madCHook.dll", I found several articles talked about this file giving false positives, because it is used for API hooking/DLL injection - techniques that some viruses use, too.
    I wonder if this file was updated in the recent Feb lot of Microsoft patches and perhaps ZoneAlarm is picking up on this. What do you think?

    I would be interested to know if any other users have had a similar problem.

    Regards.

  4. #4

    Re: Win32/Malum.AFIT Infection Query

    Hi!
    You could upload that specific dll to www.virustotal.com and see what other AV will say.
    Cheers,
    Fax


  5. #5
    kygs Guest

    Re: Win32/Malum.AFIT Infection Query

    Hi,
    Thanks for that URL - a very useful site! Although results were mixed. Most of the antivirus tools it used to scan the file came up with "no virus found" and a few mentioned that it was not a risk (see output below). These results lead me to the belief that it's not a threat. If it were a threat I can't believe so many other anti virus tools wouldn't flag it up as a virus.

    Regards.


    Complete scanning result of "madCHook.dll", received in VirusTotal at 02.24.2007, 20:10:43 (CET).

    Antivirus      Version         Update      Result
    AntiVir        7.3.1.38        02.24.2007  no virus found
    Authentium     4.93.8          02.23.2007  no virus found
    Avast          4.7.936.0       02.23.2007  no virus found
    AVG            386             02.23.2007  no virus found
    **bleep**      7.2             02.24.2007  Spyware.Hooker.A
    CAT-QuickHeal  9.00            02.24.2007  no virus found
    ClamAV         devel-20060426  02.24.2007  no virus found
    DrWeb          4.33            02.24.2007  no virus found
    eSafe          7.0.14.0        02.23.2007  no virus found
    eTrust-Vet     30.4.3424       02.23.2007  Win32/Malum.AFIT
    Ewido          4.0             02.24.2007  no virus found
    FileAdvisor    1               02.24.2007  no virus found
    Fortinet       2.85.0.0        02.24.2007  HackerTool/Hooker
    F-Prot         4.3.1.45        02.22.2007  no virus found
    F-Secure       6.70.13030.0    02.24.2007  no virus found
    Ikarus         T3.1.0.31       02.24.2007  not-a-virus:RiskTool.Win32.Hooker.a
    Kaspersky      4.0.2.24        02.24.2007  not-a-virus:RiskTool.Win32.Hooker.a
    McAfee         4970            02.23.2007  no virus found
    Microsoft      1.2204          02.24.2007  no virus found
    NOD32v2        2079            02.24.2007  Win32/RiskWare.Hooker.A
    Norman         5.80.02         02.23.2007  no virus found
    Panda          9.0.0.4         02.24.2007  no virus found
    Prevx1         V2              02.24.2007  no virus found
    Sophos         4.14.0          02.24.2007  MadCodeHook
    Sunbelt        2.2.907.0       02.24.2007  VIPRE.Suspicious
    Symantec       10              02.24.2007  no virus found
    TheHacker      6.1.6.063       02.23.2007  Aplicacion/Hooker.a
    UNA            1.83            02.23.2007  no virus found
    VBA32          3.11.2          02.23.2007  no virus found
    VirusBuster    4.3.19:9        02.24.2007  no virus found

    Aditional Information
    File size: 58880 bytes
    MD5: 277bfff6699f6df3c54fba2066ae1611
    SHA1: 5975e4570d03d0fb0476827e022e18587f7ba95e
    packers: UPX
    packers: UPX
    packers: UPX
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

  6. #6

    Re: Win32/Malum.AFIT Infection Query

    You're welcome!
    Yep, looks like more a riskware than real threat... if you know the origin of this file and by which application is used then I would not be worried...
    Cheers,
    Fax


  7. #7
    kygs Guest

    Re: Win32/Malum.AFIT Infection Query

    Okay, cheers for your help!
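
The reading of the VirusTotal output in posts #5 and #6 (most engines clean, several labelling the file as a risk tool rather than malware) can be made explicit by bucketing the results and checking which engines repeat the local scanner's detection name. This is an added example, not part of the original thread; the sample is a subset of the rows from post #5, and the marker lists and the four bucket names are assumptions.

```python
import re
from collections import defaultdict

# Subset of the rows pasted in post #5: engine, version, update, result.
SCAN = """\
ClamAV devel-20060426 02.24.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 Win32/Malum.AFIT
Kaspersky 4.0.2.24 02.24.2007 not-a-virus:RiskTool.Win32.Hooker.a
NOD32v2 2079 02.24.2007 Win32/RiskWare.Hooker.A
Sophos 4.14.0 02.24.2007 MadCodeHook
Sunbelt 2.2.907.0 02.24.2007 VIPRE.Suspicious
TheHacker 6.1.6.063 02.23.2007 Aplicacion/Hooker.a
VirusBuster 4.3.19:9 02.24.2007 no virus found
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")
# Assumed substring markers; adjust them to the engines' own naming schemes.
RISKWARE = ("not-a-virus", "risktool", "riskware", "hackertool", "aplicacion")
HEURISTIC = ("suspicious", "generic", "heur")

def parse(text):
    """Yield (engine, result) per well-formed row; headers and blanks are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.group(1), m.group(4)

def bucket(result):
    low = result.lower()
    if low == "no virus found":
        return "clean"
    if any(k in low for k in RISKWARE):
        return "riskware"
    if any(k in low for k in HEURISTIC):
        return "heuristic"
    return "named"  # a specific family or product name; needs a manual look

def triage(text):
    groups = defaultdict(list)
    for engine, result in parse(text):
        groups[bucket(result)].append(engine)
    return dict(groups)

def same_label(text, label):
    """Engines reporting exactly the name the local scanner gave."""
    return [e for e, r in parse(text) if r.lower() == label.lower()]

if __name__ == "__main__":
    print(triage(SCAN), same_label(SCAN, "Win32/Malum.AFIT"))
```

The regex splits on any run of whitespace, so the full table from post #5 can be pasted in place of `SCAN` unchanged.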
