
Thread: ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive?

  1. #11
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive? "IT'S BACK"

    Nope, Capicom 2, 1, 0, 1 is clean and not detected by ZA.
    Did you, in the past, have problems in updating the antispyware DATs? Just thinking about what could be wrong....
    Find attached info about MS capicom.dll:
    File size: 516832 bytes
    MD5: 30e88eca3d5d0b75e954e18181b9e6e5
    SHA1: 454f7b030f3a007448320c990fe3e4c50e73f5a5

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  2. #12

    Re: ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive? "IT'S BACK"

    Ok... I managed to replicate the problem...
    1. Copied capicom.dll 2,1 in system 32 folder (renamed old capicom 2,0)
    2. No detection by ZA
    3. Removed capicom.dll 2,1
    4. Renamed back old capicom
    5. Registered the dll (regsvr32.com capicom.dll)
    6. Scanned with ZA AS
    7. Got the false positive
    So, it looks like registration of the dll is the trigger for the false positive.
    Well, I will report this (as you have done) to ZA.
    Fax


  3. #13

    Re: ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive? "IT'S BACK"

    Ok reported, here is the report:

    Name of Threat Detected (false name):
    ASW,2007/04/20,15:40:06 +2:00 GMT,Win32.Application.Adware.WinAntiVirus

    Name of Legitimate Program actually installed: Microsoft CAPICOM.dll
    Download Location and or Vendor name If Known: http://www.microsoft.com/downloads/d...displaylang=en

    Version of Legitimate Program: Microsoft CAPICOM 2.1.0.1 (the same applies for previous version)

    File(s), Registry Key(s), Process(es) or Other Items triggering the detection:
    File Name-C:\WINDOWS\system32\capicom.dll
    GUID-{54BA1E8F-818D-407F-949D-BAE1692C5C18}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{54BA1E8F-818D-407F-949D-BAE1692C5C18}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Attribute
    GUID-{E38FD381-6404-4041-B5E9-B2739258941F}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E38FD381-6404-4041-B5E9-B2739258941F}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Certificate
    GUID-{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Certificates
    GUID-{65104D73-BA60-4160-A95A-4B4782E7AA62}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{65104D73-BA60-4160-A95A-4B4782E7AA62}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CAPICOM.Chain
    GUID-{A440BD76-CFE1-4D46-AB1F-15F238437A3D}
    RegistryKey-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4

    NOTE: you need to register capicom.dll before getting this false positive.

    How to register the dll:
    1. Go to Platform SDK Redistributable: CAPICOM 2.0 on the Microsoft.com Download Center.
    2. Download the file by clicking the CC2RINST.EXE link.
    3. When prompted, click Save and specify a folder on your local drive.
    4. Run the self-extracting executable file. This will create a directory structure containing the redistributable, samples, readme text, and so on.
    5. Navigate this directory to CAPICOM\x86\capicom.cab.
    6. Right-click the capicom.dll file. Select Extract.
    7. In the Select a Destination box, navigate to your system32 directory and click Extract.
    8. Open a command prompt and type the following command:
    regsvr32.exe capicom.dll
    A message box should appear with the following message: DllRegisterServer in capicom.dll succeeded.

    Cheers,
    Fax

    Message Edited by fax on 04-20-2007 07:02 AM


  4. #14

    CAPICOM.dll False Positive FIXED with AS DAT 01.200704.1435

    As per subject! Fax

    Message Edited by fax on 04-20-2007 10:14 AM


  5. #15

    Re: ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive? "IT'S BACK"

    Hi! Update your AS signature, false positives have been fixed...
    Fax


  6. #16
    the_flying_scot Guest

    Re: Message for FAX - ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive?

    Hi Fax

    Once installed, I have never had a prob with operation of ZAISS.
    When I had this false +ve the build of my ZAISS was:
    ZoneAlarm Security Suite version:7.0.337.000
    TrueVector version:7.0.337.000
    Driver version:7.0.337.000
    Anti-virus engine version:3 , DAT file version 20070409175001
    Anti-spyware engine version:5.0.162.0
    Anti-spyware signature DAT file version:01.200704.1435 - this is the only difference between my build and yours
    AntiSpam version:4.9.1.8211

    My Capicom dll file is from Properties tab:
    Version: 2.0.0.3
    Size: 466944 bytes
    Copyright (c) 1999-2003 Microsoft Corporation
    Special Build Description: Gold

    Odd thing is, I notice from another message from you in this thread, http://forums.zonealarm.com/zonelabs...essage.id=1783, that I have the latest version of the Anti-spyware DAT file that is supposed to fix the false +ve.
    I have Lavasoft Adaware and Spybot installed and neither of these tools detected Capicom.dll as malware.
    (My thread seems to have been hijacked a bit so I have had a bit of a problem following the flow of the thread, but I think I have it. Forgive me if I repeat something you have already covered).

    Now the really odd thing is, I noticed last thing before packing in for some sleep (late eve 20th local time), that ZAISS updated itself (but DAT files were unchanged).
    This morning I ran another spyware scan and now Capicom.dll is no longer detected as a false +ve - weird!
    (As a sanity check I have confirmed Capicom.dll is still in the System32 folder).
    Can you throw any light on this behaviour?

    As a final check for me can you please do me a favour and tell me how I can check MD5 and SHA1 details of my Capicom file to make sure it is the same as yours and I don't have a rogue (pretty sure I don't - don't visit risky web sites and download stuff).

    Thanks again
    The_Flying_Scot

    Message Edited by The_Flying_Scot on 04-21-2007 12:57 PM

  7. #17

    Re: Message for FAX - ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive?

    The_Flying_Scot wrote:
    "Hi Fax
    As a final check for me can you please do me a favour and tell me how I can check MD5 and SHA1 details of my Capicom file to make sure it is the same as yours and I don't have a rogue (pretty sure I don't - don't visit risky web sites and download stuff)."

    Hi! There are various software tools checking MD5 and SHA1 on files... you could simply upload the file to www.virustotal.com and apart from AV scanning it will give this info...
    Fax


  8. #18
    the_flying_scot Guest

    Re: Message for FAX - ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive?

    Hi Fax

    Confirmed my Capicom dll is ok and also has the same MD5 and SHA1 details as yours!
    Thanks again for all your help on this!

    Regards
    The_Flying_Scot

    Message Edited by The_Flying_Scot on 04-23-2007 02:55 PM
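
Added example, not part of the original thread: one way to run the MD5/SHA1 check discussed in the posts above locally instead of uploading the file, comparing against the size and digests posted in #11. The function names and the temporary sample file are assumptions made for illustration.

```python
import hashlib
import os
import sys
import tempfile

# Reference values for CAPICOM 2.1.0.1, copied from post #11 of this thread.
REFERENCE = {
    "size": 516832,
    "md5": "30e88eca3d5d0b75e954e18181b9e6e5",
    "sha1": "454f7b030f3a007448320c990fe3e4c50e73f5a5",
}

def fingerprint(path, chunk_size=1 << 16):
    """Return size, MD5 and SHA1 of a file, reading it in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def compare(actual, reference):
    """Return the fields that differ; an empty list means the file matches."""
    mismatches = []
    for field, expected in reference.items():
        got = actual[field]
        if isinstance(expected, str):
            # Digests pasted from a forum may differ in case or contain
            # spaces inserted by the board software's line wrapping.
            got, expected = got.lower(), expected.replace(" ", "").lower()
        if got != expected:
            mismatches.append(field)
    return mismatches

def demo():
    """Constructed sample: a temp file stands in for capicom.dll."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not the real DLL")
    try:
        actual = fingerprint(tmp.name)
        own_ref = dict(actual, md5=actual["md5"].upper())
        return compare(actual, own_ref), compare(actual, REFERENCE)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    # Pass the path to the DLL as the first argument; without one, run the demo.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    print(compare(fingerprint(path), REFERENCE) if path else demo())
```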

  9. #19

    Re: Message for FAX - ZAISS 7 detects Microsoft file CAPICOM.dll as trojan - false positive?

    You're very welcome!
    Cheers,
    Fax


  10. #20
    naivemelody Guest

    Microsoft file CAPICOM.dll as trojan - false positive? - latest update 5-6-07...

    Seems there will be a new Microsoft update that will deal with [capicom] the security flaw/hole / false positive this coming May 8, 2007 - 5-8-07. Make sure you are set to receive your second Tuesday of every month Microsoft updates, yes.
    See - http://www.informationweek.com/windo...SSfeed_TechWeb
    and from PCMag - http://www.pcmag.com/article2/0,1759,2126050,00.asp
    Microsoft bulletin - http://www.microsoft.com/technet/sec...n/advance.mspx
    NaiveMelody 5-6-07~8:43pm e.s.t. - Jive talkin' - The Bee Gees
