Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: hoax or threat ?

  1. #1
    hartridge Guest

    Default hoax or threat ?

    Scan-result with Zonealarm:

    Code:
    Win32.Viking.AE
    ----------------------
    Datei: C:\xampp\xampp-control.exe
    
    
    Win32.Worm.IrcBot.60416.6 
    ----------------------------------------
    Datei: C:\Program Files\EASEUS\Data Recovery Wizard Professional 4.3.6\msvcr80.dll
    Datei: C:\Program Files\Edraw Max\msvcr80.dll
    Datei: C:\Program Files\Google\Google Earth\msvcr80.dll
    Datei: C:\Program Files\Google\Google Earth\plugin\msvcr80.dll
    Datei: C:\Users\Richard\Desktop\Downloads\Portable_UpdateStar\Portable UpdateStar\App\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Portable Apps\mysql-workbench-oss-5.0.30-win32-noinstall\MySQL Workbench 5.0.30 OSS\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Portable Apps\revouninstaller\revouninstaller-portable-1-7\msvcr80.dll
    Datei: C:\Users\Richard\Documents\Setup-Box\GIS-Tools\GoogleEarthPortable\App\GoogleEarth\msvcr80.dll
    Datei: C:\Windows\Installer\$PatchCache$\Managed\7E577B2224C65CF4E801A9E52375DB49\14.0.1468\ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
    Datei: C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll
    Scan result @ virustotal is here

    no virus found !!

    im not sure what to do ? any ideas ? thanks in advance

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Hi!
    does not look like a ZA detection. Can you post the ZA logs? (ZA logs -> antivirus section).

    Which version of ZA are you running? Right click the ZA icon near the clock --> about --> Copy to clipboard --> Paste it here as reply.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    webwanderer Guest

    Default Re: hoax or threat ?

    .
    YOU TOO?

    Zonealarm alerts on MSVCR80 for you too? Hmmm.
    Your other spyware scanner finds nothing? Hmmm.

    INFECTED, OH NO!!

    I had both of my Zonealarm 8 settings for the antivirus scan and the spyware scan at the maximum deep inspection (or whatever they are called). I got a spyware hit on msvcr80.

    FIXING?

    Since I thought I was infected, I reloaded the C drive with an Acronis image from two weeks ago (20 minutes). I updated the definitions and rescanned with the maximum settings again (6 hours). NO HITS.

    MICROSOFT UPDATES CAUSING HIT????

    I applied the Microsoft updates again and rescanned (6 hours). I'm getting a spyware hit on MSVCR80 again, in the same folder as before. Without Zonealarm doing any treatment, I scanned with Spysweeper and Spysweeper finds nothing.

    AM I'M REALLY INFECTED?

    Is this a problem in the spyware definition file? It kinda looks like it.

    Would upgrading to Zonealarm 9 fix this problem? I'm guessing not if it uses the same definition file as ZA 8.

    I wouldn't mind reloading the C drive again (15 0r 20 minutes) but, ugh, not waiting for the scans again. Is there a way to do a spyware scan on a file or directory with ZA 8. I can't spend another whole day on this again. You can set the directories for the antivirus, but it doesn't look like you can define them for the antispyware.

    thanks

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Please do not hijack other users threads, open yours.
    ZA 9 uses a different engine and definitions than version 8.

    I will be forced to close the current thread or remove your messages in case of further abuse.

    Fax
    Last edited by fax; December 1st, 2009 at 09:06 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    webwanderer Guest

    Default Re: hoax or threat ?

    Hijack the thread? ... It's the same issue, same file, and same probable false positive. I don't see that as hijacking. If someone else has this problem with MSVCR80 it would be nice to see more input, no?

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Quote Originally Posted by webwanderer View Post
    Hijack the thread? ... It's the same issue, same file, and same probable false positive. I don't see that as hijacking. If someone else has this problem with MSVCR80 it would be nice to see more input, no?
    Which file? Which detection exactly? Name? Section of ZA? ZA logs? You provide little if none concrete data to help troubleshooting the issue.
    On top of the above you are running a non supported version of ZA. Please update to latest version 9.1. The antivirus/antispyware in version 9 has been completely re-designed.

    Further non helpful posts will be removed without notice.

    Thank you,
    Fax
    Last edited by fax; December 1st, 2009 at 09:42 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    webwanderer Guest

    Default Re: hoax or threat ?

    Calm down a little, dude. I'm not a spammer.

    Just like the OP, I had the same trojan, in the same file, which VirusTotal also says is not infected (0/41).

    Win32.Worm.IrcBot.60416.6
    msvcr80.dll

    I'm not asking for troubleshooting (last time you told me to file a ticket if I wanted help, 'cause "we're all just users"), I'm posting more info, which I myself wish I had found yesterday, so I hadn't wasted a whole day in a panic, thinking I had been compromised, while instead it appears to be just a false positive with this file and trojan.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Hi!
    Well... would you be actually not upset if you keep asking the same information and always get the same partial answers?

    First it is not clear if you have updated to version 9.1, if not, you have not indicated which section of ZA is detection pertaining to. In other words:
    Please go to the ZA antivirus section of ZA and see where is quarantined the file. Antivirus ? Antispyware section?

    The signature name seems related to the outdated ZA antispyware 8. There is no such engine or detection name anymore.
    May be before the new year wewill channel the message successfully

    Fax
    Last edited by fax; December 1st, 2009 at 10:35 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    webwanderer Guest

    Default Re: hoax or threat ?

    I'm not asking you a question. I'm putting my experience in the forum for future searchers with problems with:

    Win32.Worm.IrcBot.60416.6
    msvcr80.dll

    and I already said up in post 3 that I'm using Zonealarm 8 and it's a SPYWARE hit.

    It sure seems like a false positive, and I'm going to upgrade to 9 and see what happens.

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: hoax or threat ?

    Quote Originally Posted by webwanderer View Post
    and I already said up in post 3 that I'm using Zonealarm 8 and it's a SPYWARE hit.
    ZA 8 antivirus also check for spyware. So it is not always obvious which detects what, this is why I have asked it
    Upgrading to ZA 9 should resolved the false positive.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •