Page 1 of 2 12 LastLast
Results 1 to 10 of 23

Thread: hoax or threat ?

Hybrid View

  1. #1
    hartridge Guest

    Default hoax or threat ?

    Scan-result with Zonealarm:

    Code:
    Win32.Viking.AE
    ----------------------
    Datei: C:\xampp\xampp-control.exe
    
    
    Win32.Worm.IrcBot.60416.6 
    ----------------------------------------
    Datei: C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\msvcr80.dll
    Datei: C:\Program Files\Edraw Max\msvcr80.dll
    Datei: C:\Program Files\Google\Google Earth\msvcr80.dll
    Datei: C:\Program Files\Google\Google Earth\plugin\msvcr80.dll
    Datei: C:\Users\Richard\Desktop\Downloads\Portable_UpdateStar\Portable UpdateStar\App\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Portable Apps\mysql-workbench-oss-5.0.30-win32-noinstall\MySQL Workbench 5.0.30 OSS\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Portable Apps\revouninstaller\revouninstaller-portable-1-7\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Setup-Box\GIS-Tools\GoogleEarthPortable\App\GoogleEarth\msvcr80.dll
    Datei: C:\Windows\Installer\$PatchCache$\Managed\7E577B2224C65CF4E801A9E52375DB49\14.0.1468\ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
    Datei: C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll
    Scan result @ virustotal is here

    no virus found !!

    i´m not sure what to do ? any ideas ? thanks in advance

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Hi!
    does not look like a ZA detection. Can you post the ZA logs? (ZA logs -> antivirus section).

    Which version of ZA are you running? Right click the ZA icon near the clock --> about --> Copy to clipboard --> Paste it here as reply.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    webwanderer Guest

    Default Re: hoax or threat ?

    .
    YOU TOO?

    Zonealarm alerts on MSVCR80 for you too? Hmmm.
    Your other spyware scanner finds nothing? Hmmm.

    INFECTED, OH NO!!

    I had both of my Zonealarm 8 settings for the antivirus scan and the spyware scan at the maximum deep inspection (or whatever they are called). I got a spyware hit on msvcr80.

    FIXING?

    Since I thought I was infected, I reloaded the C drive with an Acronis image from two weeks ago (20 minutes). I updated the definitions and rescanned with the maximum settings again (6 hours). NO HITS.

    MICROSOFT UPDATES CAUSING HIT????

    I applied the Microsoft updates again and rescanned (6 hours). I'm getting a spyware hit on MSVCR80 again, in the same folder as before. Without Zonealarm doing any treatment, I scanned with Spysweeper and Spysweeper finds nothing.

    AM I'M REALLY INFECTED?

    Is this a problem in the spyware definition file? It kinda looks like it.

    Would upgrading to Zonealarm 9 fix this problem? I'm guessing not if it uses the same definition file as ZA 8.

    I wouldn't mind reloading the C drive again (15 0r 20 minutes) but, ugh, not waiting for the scans again. Is there a way to do a spyware scan on a file or directory with ZA 8. I can't spend another whole day on this again. You can set the directories for the antivirus, but it doesn't look like you can define them for the antispyware.

    thanks

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Please do not hijack other users threads, open yours.
    ZA 9 uses a different engine and definitions than version 8.

    I will be forced to close the current thread or remove your messages in case of further abuse.

    Fax
    Last edited by fax; December 1st, 2009 at 09:06 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    webwanderer Guest

    Default Re: hoax or threat ?

    Hijack the thread? ... It's the same issue, same file, and same probable false positive. I don't see that as hijacking. If someone else has this problem with MSVCR80 it would be nice to see more input, no?

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Quote Originally Posted by webwanderer View Post
    Hijack the thread? ... It's the same issue, same file, and same probable false positive. I don't see that as hijacking. If someone else has this problem with MSVCR80 it would be nice to see more input, no?
    Which file? Which detection exactly? Name? Section of ZA? ZA logs? You provide little if none concrete data to help troubleshooting the issue.
    On top of the above you are running a non supported version of ZA. Please update to latest version 9.1. The antivirus/antispyware in version 9 has been completely re-designed.

    Further non helpful posts will be removed without notice.

    Thank you,
    Fax
    Last edited by fax; December 1st, 2009 at 09:42 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    webwanderer Guest

    Default Re: hoax or threat ?

    Calm down a little, dude. I'm not a spammer.

    Just like the OP, I had the same trojan, in the same file, which VirusTotal also says is not infected (0/41).

    Win32.Worm.IrcBot.60416.6
    msvcr80.dll

    I'm not asking for troubleshooting (last time you told me to file a ticket if I wanted help, 'cause "we're all just users"), I'm posting more info, which I myself wish I had found yesterday, so I hadn't wasted a whole day in a panic, thinking I had been compromised, while instead it appears to be just a false positive with this file and trojan.

  8. #8
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,473

    Post Re: hoax or threat ?

    Quote Originally Posted by webwanderer View Post
    Hijack the thread? ... It's the same issue, same file, and same probable false positive. I don't see that as hijacking. If someone else has this problem with MSVCR80 it would be nice to see more input, no?

    As a matter of Curtsey and to provide the Best solution to each Users problem,
    the Guideline Rules,ask each User to Please start their own thread. And start only 1 thread for each problem.

    This insures that each User receives a solution specific to their on Problem, When other user like yourself interject your own problem into the discussion of somebody else's problem, any advice or solution to your problem would confuse and may conflict with the solution to the Originating Users problem..

    That is why you were asked Not to Hi-Jack somebody else's Request for Help, and to Please start your own thread. And start only 1 thread for each problem.

    Thank you in advance for you Cooperation in this matter..
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    hartridge Guest

    Default Re: hoax or threat ?

    @fax + webwanderer : thanks for response

    Release:

    • Zone Alarm Pro: 8.0.298.004
    • TrueVector-Engine: 8.0.298.004

    @Log-Files:

    • my first posting above shows all information provided by ZA. It is the scan-result; I have copied all detail-infos in this text-file
    • btw. Where can I find the log-file in this version of ZA

  10. #10
    webwanderer Guest

    Default Re: hoax or threat ?

    I'm not asking you a question. I'm putting my experience in the forum for future searchers with problems with:

    Win32.Worm.IrcBot.60416.6
    msvcr80.dll

    and I already said up in post 3 that I'm using Zonealarm 8 and it's a SPYWARE hit.

    It sure seems like a false positive, and I'm going to upgrade to 9 and see what happens.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •