Page 1 of 6 12345 ... LastLast
Results 1 to 10 of 55

Thread: capicom.dll/Win32.Application.Adware.WinAntiVirus

  1. #1
    rowantree Guest

    Default capicom.dll/Win32.Application.Adware.WinAntiVirus

    Hi,

    This evening on both my PC and my laptop ZASS 7.0 decided that the above was spyware so I let it quarantine it. It now tells me I should delete it but since it was in a Microsoft directory I'm not so sure.

    Anyone know what this is all about?

    Happened right after download of today's updates, hence even more suspicious.

    Many thanks,
    David.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    amethyst Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    I'm glad you posted this. I got the same thing today. I quarantined it before writing down the name of the .dll. I've scanned the computer a few times, and I was just about to reboot and run another scan when I figured I should check these forums first. I did a google search of capicom.dll after I read your post, and everything I find on it looks legit. It seems to have something to do with encryption, stuff that's not relevant to me personally, but I wondered if deleting it would cause me to have some difficulty with secure web pages. My version of the .dll is 2.0.0.3, it is 456k in size, which corresponds to information I am seeing online. There is a more up to date version of the .dll than that.

    I think this scan result is a false positive. (Whew!)

    Hope that helps.

    Amethyst

  3. #3
    dave_beer Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    I got the same thing from my weekly scan this evening. In addition to the DLL, ZA found a whole bunch of registry entries, some of which I have copied below from the ZA log:

    ASW,2007/04/12,21:32:00 -4:00 GMT,Win32.Application.Adware.WinAntiVirus,Trojan,M anual
    GUID-{54BA1E8F-818D-407F-949D-BAE1692C5C18}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{54BA1E8 F-818D-407F-949D-BAE1692C5C18}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Attrib ute
    GUID-{E38FD381-6404-4041-B5E9-B2739258941F}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E38FD38 1-6404-4041-B5E9-B2739258941F}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Certif icate
    GUID-{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FBAB033 B-CDD0-4C5E-81AB-AEA575CD1338}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Certif icates
    GUID-{65104D73-BA60-4160-A95A-4B4782E7AA62}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{65104D7 3-BA60-4160-A95A-4B4782E7AA62}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Chain
    GUID-{A440BD76-CFE1-4D46-AB1F-15F238437A3D}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A440BD7 6-CFE1-4D46-AB1F-15F238437A3D}
    Regist

    I followed the advice and quarantined it, but I am somewhat suspicious.

    P.S. The DLL is digitally signed by Microsoft.

    Message Edited by dave_beer on 04-13-200701:24 AM

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  4. #4
    technoweary Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    I am pretty sure I got this today too; at least I got a Win32 spyware/malware on my spyware scan today. I did not get the whole name of it but it started as "Win32" and had a bunch of the code listed in the details section that another poster mentioned. It was listed as "medium" and zone alarm said it had been quarantined and should be deleted immediately as it could be used to access passwords. So I deleted it. This was right after I did a Windows Update for the monthly Maliscous Software Removal too. Somebody mentioned they thought the Win32 thing found today was a false positive which, on the one hand, would make me happy. On the other hand, I deleted it. Could this cause me problems if the Win32 that's the topic of this thread, and the one I saw today on my scan are one and the same ? Did I hurt my computer or damage my security by deleting this if it is a false positive ? Thank you for whatever info you can offer.

    NOTE TO SELF: In the future, write down the names of viruses and spyware found in scans !

  5. #5
    dave_beer Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    NOTE TO SELF: In the future, write down the names of viruses and spyware found in scans !

    (1) If logging is enabled, you should be able to find the name in the AV/ASW logs.
    (2) More information is available in the ZA logs themselves, which are, at least on my computer, stored in
    WINDOWS\Internet Logs

  6. #6
    amethyst Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    I can find no evidence anywhere that this capicom.dll is malware. I've been to the websites of four other internet security vendors and searched their sites. This dll was not mentioned. I had Kapersky scan the specific file from their website and it came up clean. I don't know if I'm allowed to put the link here, so I won't.

    As to how a computer would function without this .dll, I really don't know. I can't find any information that I can understand about what this .dll actually does, although I think it would be more relevant to programmers and people who create webpages. ??? Maybe one of the gurus here would know.

    Amethyst

  7. #7
    kalinga Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    It showed up in my spyware scan as well. I deleted it, which i'm guessing probably wasn't the best idea. However, capicom.dll can be downloaded from microsoft, so if i do need it in the future, i can download it.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    Hi!yes, I can't find any capicom.dll marked as "BAD"See here for example: http://spywarefiles.prevx.com/ssHFAD6333/CAPImore.htmlAnd please report this possible false positive here: http://www.zonealarm.com/store/conte...are_report.jspAlso check that you have the latest AS DAT, now at 01.200704.1375Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    rowantree Guest

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    Hi,

    Reported it.

    Everything is bang up to date.

    Should I Restore this then...?

    Cheers,
    David

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: capicom.dll/Win32.Application.Adware.WinAntiVirus

    Hi!well, just keep it in quarantine and if everything works well leave it there for a while...Just wait for the next two fo three ZA AS updates before restoring it.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 6 12345 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •