Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Trojan-Clicker.Win32.Small.qo

  1. #1
    annemoss Guest

    Default Trojan-Clicker.Win32.Small.qo

    This one has come up. ZoneAlarm found Trojan-Clicker.Win32.Small.qo.

    This is the file.

    wrlzma.dll

    I can't delete it. ZoneAlarm can't quarantine it, delete it or rename it. I can't get rid of using killbox either. I don't even know what it will do. Apparently it came through ie7. I don't use ie7 but my husband did on February 17, 2008. And it appears that that is when the virus hit. Does anyone know how I can remove this manually. I think is probably in the registry keys. Right now that .dll file is in Webroot folder.

    Operating System:Windows XP Pro
    Software Version:
    Product Name:ZoneAlarm Antivirus

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.Win32.Small.qo


    <blockquote><hr>annemoss wrote:
    This one has come up. ZoneAlarm found Trojan-Clicker.Win32.Small.qo.

    This is the file.

    wrlzma.dll

    I can't delete it. ZoneAlarm can't quarantine it, delete it or rename it. I can't get rid of using killbox either. I don't even know what it will do. Apparently it came through ie7. I don't use ie7 but my husband did on February 17, 2008. And it appears that that is when the virus hit. Does anyone know how I can remove this manually. I think is probably in the registry keys. Right now that .dll file is in Webroot folder.

    Operating System:
    Windows XP Pro
    Software Version:

    Product Name:
    ZoneAlarm Antivirus

    <hr></blockquote>
    If the wrlzma.dll is located in the WINDOWS Directory, then it is some vundo variant. If the wrlzma.dll is located in the Webroot directory, then it is a safe .dll
    Click the .dll in the webroot folder and open the properties and the vendor, version , date and time and info should give sufficent details as to whether this is infact a rouge .dll or a safe .dll.

    Oldsod
    Best regards.
    oldsod

  3. #3
    naivemelody Guest

    Default Re: Trojan-Clicker.Win32.Small.qo - false positive

    If you do have Spysweeper then it is probably a false positive. Sometimes security software scans will pick up other brand security software files; false positives. See/ click here &gt; http://fileinfo.prevx.com/QQ6ce81659...RLZMA.DLL.html<hr>DEFINITION OF: WRLZMA.DLL<ul>[*]Safety Rating: Safe[*]First seen: Oct 28 2005 (GMT)[*]Last seen: Oct 28 2005 (GMT[*]1. COVERT ANALYSIS OF: WRLZMA.DLL<ul>[*]File Names Used: 23[*]Paths Used: 17[*]Common File Name: WRLZMA.DLL[*]Common Path: %PROGRAMFILES%\WEBROOT\SPY SWEEPER\[*]Vendor Information: No Vendor details specified[*]File Name Structure: Normal<hr>:0NaiveMelody NYC 2-18-08 - Jumpin' Jack Flash - The Rolling Stones[/list][/list]

    Message Edited by NaiveMelody on 02-19-2008 08:24 PM

  4. #4
    annemoss Guest

    Default Re: Trojan-Clicker.Win32.Small.qo

    While I saw that wrlzma.dll was considered safe on that one site, I also saw that many others have had difficulty with this file as a trojan.So I'm not resting easy yet.

    When I click on it, ZoneAlarm opens immediately and says the threat is high. I actually had let my webroot subscription run out a couple of days ago. It doesn't flag it when I run spysweeper (I updated the subscription today). I use ZA as my virus scanner/sweeper.

    It is located at

    c:Local Disk/Program Files/Webroot/Spy Sweeper/wrlzma.dll

    And when I click on it, I get the ZA pop up in my face immediately with a high risk rating. If it is a vundo variant, how do I get rid of it? I also noticed that I see no posts on the internet for this strain of this virus until Feb 17, 2008. I'm not getting pop ups right now. And I don't use IE unless I have to for windows updates.

    I'd at least like to contain the threat.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.Win32.Small.qo


    <blockquote><hr>annemoss wrote:
    While I saw that wrlzma.dll was considered safe on that one site, I also saw that many others have had difficulty with this file as a trojan.So I'm not resting easy yet.

    When I click on it, ZoneAlarm opens immediately and says the threat is high. I actually had let my webroot subscription run out a couple of days ago. It doesn't flag it when I run spysweeper (I updated the subscription today). I use ZA as my virus scanner/sweeper.

    It is located at

    c:Local Disk/Program Files/Webroot/Spy Sweeper/wrlzma.dll

    And when I click on it, I get the ZA pop up in my face immediately with a high risk rating. If it is a vundo variant, how do I get rid of it? I also noticed that I see no posts on the internet for this strain of this virus until Feb 17, 2008. I'm not getting pop ups right now. And I don't use IE unless I have to for windows updates.

    I'd at least like to contain the threat.
    <hr></blockquote>


    I did post this before:

    "If the wrlzma.dll is located in the WINDOWS Directory, then it is some vundo variant. If the wrlzma.dll is located in the Webroot directory, then it is a safe .dll
    Click the .dll in the webroot folder and open the properties and the vendor, version , date and time and info should give sufficent details as to whether this is infact a rouge .dll or a safe .dll."

    Since this is a valid spysweeper .dll and not some exotic malware, relax and do not worry It is ok and alright. This is a false positive or false identification by the ZA and nothing else. You can rest and relax. just a false alarm.

    Cheers, Oldsod.
    Best regards.
    oldsod

  6. #6
    naivemelody Guest

    Default Spysweeper file: wrlzma.dll - exonerated

    Here's another site offering evidence of innocense; on unrelated activitiy - these two guys on this forum are discussing the files that were downloaded when you use Spysweeper CD disc to install... see/click here &gt; http://www.911cd.net/forums//index.p...mp;#entry92979<hr>&quot;Spysweeper 4.0 and later only works on pe if not used with runscanner. COntents of the plugin for Spysweeper 4.5

    SpySweeper.htm
    SpySweeper.inf
    SpySweeper.xml
    Files\3
    Files\Bt01.exe
    Files\file_id.diz...
    ...
    Files\NewNews.txt
    Files\Quarantine
    Files\readme.txt
    Files\report.ini
    Files\SafeSweeper.exe
    Files\Shields
    Files\SpyHelp.chm
    Files\SpyNews.htm
    Files\SpySweeper.cmd
    Files\SpySweeper.exe
    Files\SpySweeperScan.cmd
    Files\SSCtxMnu.dll
    Files\ssi.dll
    Files\ssleay32.dll
    Files\Temp
    Files\temp.txt
    Files\Thumbs.db
    Files\TP.exe
    Files\wrid.dll
    Files\wrlzma.dll...&quot; <hr>if you look closely - you have two independent people; both having discovered and listing that same file back then.<hr>annemoss, if you look thru this forum - Kaspersky av does - occasionally have false positives; some that I have reported. One of the false positives was for Microsoft's Windows Explorer - a fair number of people had those 'false' detections and &quot;deleted&quot; the 'trojan' &gt; and then their
    Windows Explorer
    program ceased functioning properly. See/ click here &gt; http://forums.zonelabs.org/zonelabs/...id=85328#M3107<hr>And of course Spysweeper is not immune from having false positives &gt; see/ click here &gt; http://forums.zonelabs.org/zonelabs/...d=85338#M24623<hr>:0NaiveMelody NYC 2-19-08 - Paint It Black - The Rolling Stones

  7. #7
    annemoss Guest

    Default Re: Trojan-Clicker.Win32.Small.qo

    OK, I understand your post. It was late, had been a long day and I'm not used to a &quot;stacked&quot; version of a forum. I'm glad it's here. Thank you. I clicked on properties and the ZA came up and the I clicked on properties and it didn't say much but it gave the path. Thanks for the links, I'll take a look at those.

    I'm going to keep an eye on it because the first ZA scan had listed it in another folder (documents and settings). And then when I ran the scan again, it was in the webroot folder. So that's what made me particularly suspicious.

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.Win32.Small.qo

    Not a problem. We all have been there with long and tiring days and strange formats in a new forum.

    I do not use the ZA antivirus, but I believe the file can be set to exceptions once detected or quarantined.
    On the other hand, if you just ignore it for a day or two, the problem will get fixed and go away by itself. The definitions database for the kaspersky antivirus in your ZA will get corrected for false positives or mistaken identifications. Almost immediately or within the day or so. In other words, repeat an antivirus scan again in a couple of days and the webroot file will be skipped by the scanner.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  9. #9
    annemoss Guest

    Default Re: Trojan-Clicker.Win32.Small.qo

    Thanks. I was thinking about the path of least resistance in letting ZA correct it. I'll try the other if that doesn't work.

  10. #10
    naivemelody Guest

    Default Another Spysweeper/ wrlzma - false positive

    annemoss, it looks like your not alone with this false positive, take a look at this - dated 2-19-08 - http://forums.zonelabs.org/zonelabs/...ssage.id=27169
    <hr>&quot;I have ZAISS7 and in a recent antivirus sweep it detected what it said was a virus called Trojan-Clicker.Win32.Small.qo, the path for which was located on my hard drive at C:\Program Files\SpySweeper\wrlzma.dll. After checking with Webroot they said the detection and quarantine is a false positive. I looked all over the ZoneAlarm tech support site and could not find any location to report false positives. How (or can) users report false positives to Check Point? Thanks.

    FYIGMO

    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite&quot;<hr>I guess Oldsod and I, were right on track.<hr>NaiveMelody NYC 2-19-08 - Surfin' U.S.A. - The Beach Boys

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •