Results 1 to 6 of 6

Thread: Win32.Trojan.James - Keeps Coming Back - What Is It?!

  1. #1
    pdadave Guest

    Default Win32.Trojan.James - Keeps Coming Back - What Is It?!



    Greetings All,




    For the last few weeks I have had this come up occasionally on my scans. ZA give it a medium rating and I quarantine it. It seems to disappears for several days, a week perhaps, then will show up again on a scan.




    It s located at C:\WINDOWS\System32\nlame.dll




    Does anyone know what it is and why it keeps coming back? A Google search turns up nothing.




    thanks

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    findley Guest

    Default Re: Win32.Trojan.James - Keeps Coming Back - What Is It?!

    pdadave,

    Do you run winLAME? "winLAME uses a self-made API to LAME (which eases access for winLAME) that is packaged into a DLL called nLAME.dll."
    http://winlame.sourceforge.net/faq.php

    Suggest you upload the file to virustotal - a free service that analyzes suspicious files. The file you upload will be scanned by 30+ antivirus engines and you'll get a fast answer on whether or not this is a false positive. http://www.virustotal.com/

    Findley

    Message Edited by Findley on 06-28-2008 02:39 PM

  3. #3
    pdadave Guest

    Default Re: Win32.Trojan.James - Keeps Coming Back - What Is It?!

    Hi There,
    Thanks for the response. Sorry I'm not a techie so I have no idea if I run winLAME or not. I ran the file through the site you mentioned and only 1 out of the 33 engines flagged it as "suspicious file" so I guess that probablt means that is a false find. But why would this dll file create something that ZA identifies as a trojan if it's false?

  4. #4
    findley Guest

    Default Re: Win32.Trojan.James - Keeps Coming Back - What Is It?!


    <blockquote><hr>pdadave wrote:
    Hi There,
    Thanks for the response. Sorry I'm not a techie so I have no idea if I run winLAME or not. I ran the file through the site you mentioned and only 1 out of the 33 engines flagged it as &quot;suspicious file&quot; so I guess that probablt means that is a false find. But why would this dll file create something that ZA identifies as a trojan if it's false?
    <hr></blockquote>
    pdadave,
    You're welcome:8}
    Here's a definition of false positive from viruslist.com:&quot;False positive
    Synonyms: False alarmA false positive is another way of saying mistake . As applied to the field of anti-virus programs, a false positive occurs when the program mistakenly flags an innocent file as being infected.&quot;
    http://www.viruslist.com/en/glossary?glossid=153654932
    In other words, the scan is detecting &quot;a known string&quot; in an uninfected file.
    You can report the false positive this way:
    If it was detected by the antivirus scan:
    Send file to kaspersky (that's the av engine used by zone alarm)in a password protected zip to newvirus@kaspersky.com
    Subject: False Positive.Be sure to include password in the e-mail.
    If it was detected by the antispyware scan:http://www.zonealarm.com/store/conte...are_report.jsp
    By reporting the false positive you'll help yourself and others
    so it can be fixed.
    Findley


  5. #5
    jafofubar Guest

    Default Re: Win32.Trojan.James - Keeps Coming Back - What Is It?!

    This is an old thread that I found through a search. I was getting the same warning. I don't know if anyone else sent the file to the address given so I sent it. This was the response (I don't know if that means they'll fix it for the next update or not).

    Hello.
    No malicious software was found in the attached file.

  6. #6
    findley Guest

    Default Re: Win32.Trojan.James - Keeps Coming Back - What Is It?!


    <blockquote><hr>JafoFubar wrote:
    This is an old thread that I found through a search. I was getting the same warning. I don't know if anyone else sent the file to the address given so I sent it. This was the response (I don't know if that means they'll fix it for the next update or not).

    Hello.
    No malicious software was found in the attached file.
    <hr></blockquote>


    Hello JafoFubar,

    Glad to hear you submitted false positive - which will enable it to get fixed.

    Regards,
    Findley

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •