Results 1 to 6 of 6

Thread: [Solved] invalid spyware detection

  1. #1
    alistairm Guest

    Default [Solved] invalid spyware detection

    This relates to CNMOP6d.DLL which is part of the installed software to support a Canon ip5000 printer.
    This has been installed on my windows XP computer for a couple of years without any problems whatsoever. Today, when I attempted to print a document, This file was quarantined as containing the Trojan-Spy Win32.Zbot.gen . I have uninstalled and re-installed the printer software, and the file, despite being a fresh copy from the installation CD, was again quarantined.
    Has any-one else found this, and if so, how have you fixed it?
    I am running 9.1.008.000 of TrueVector, Security Suite and Driver.
    I am running Antivirus 8.2.0..42 DAT 1011704192
    I am running Antispam 6.0.0.2383
    Latest AV update 13/02/2010 14:51

    I really need to get my printer working again.
    Last edited by GeorgeV; February 13th, 2010 at 08:32 AM.

  2. #2
    findley Guest

    Default Re: invalid spyware detection

    Quote Originally Posted by alistairm View Post
    This relates to CNMOP6d.DLL which is part of the installed software to support a Canon ip5000 printer.
    This has been installed on my windows XP computer for a couple of years without any problems whatsoever. Today, when I attempted to print a document, This file was quarantined as containing the Trojan-Spy Win32.Zbot.gen . I have uninstalled and re-installed the printer software, and the file, despite being a fresh copy from the installation CD, was again quarantined.
    Has any-one else found this, and if so, how have you fixed it?
    I am running 9.1.008.000 of TrueVector, Security Suite and Driver.
    I am running Antivirus 8.2.0..42 DAT 1011704192
    I am running Antispam 6.0.0.2383
    Latest AV update 13/02/2010 14:51

    I really need to get my printer working again.
    Hi,
    Sounds like a false postive, but to be sure upload the file CNMOP6d.DLL to VirusTotal
    VirusTotal is a free service that analyzes suspicious files against 40+ AntiVirus engines(I may be wrong on the number of AV engines used but its quite a large number). You'll get an online report fairly quickly.

    Assuming it's a false positive you can exclude the file from the virus scan and report it as a False Positive

    Hope this gets you printing again and enjoying the weekend
    Findley

  3. #3
    alistairm Guest

    Default Re: invalid spyware detection

    Many thanks for the quick response.
    I have excluded it from the ZoneAlarm scan, and I can now print again



    This is the result from VirusTotal



    File CNMOP6d.DLL received on 2010.02.13 17:17:26 (UTC)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 1/41 (2.44%)
    Loading server information...
    Your file is queued in position: 2.
    Estimated start time is between 46 and 66 seconds.
    Do not close the window until scan is complete.
    The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
    If you are waiting for more than five minutes you have to resend your file.
    Your file is being scanned by VirusTotal in this moment,
    results will be shown as they're generated.
    Compact Compact
    Print results Print results
    Your file has expired or does not exists.
    Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

    You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
    Email:

    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.02.13 -
    AhnLab-V3 5.0.0.2 2010.02.13 -
    AntiVir 7.9.1.160 2010.02.12 -
    Antiy-AVL 2.0.3.7 2010.02.13 -
    Authentium 5.2.0.5 2010.02.13 -
    Avast 4.8.1351.0 2010.02.13 -
    AVG 9.0.0.730 2010.02.13 -
    BitDefender 7.2 2010.02.13 -
    CAT-QuickHeal 10.00 2010.02.13 -
    ClamAV 0.96.0.0-git 2010.02.13 -
    Comodo 3922 2010.02.13 -
    DrWeb 5.0.1.12222 2010.02.13 -
    eSafe 7.0.17.0 2010.02.11 -
    eTrust-Vet 35.2.7300 2010.02.12 -
    F-Prot 4.5.1.85 2010.02.13 -
    F-Secure 9.0.15370.0 2010.02.13 -
    Fortinet 4.0.14.0 2010.02.13 -
    GData 19 2010.02.13 -
    Ikarus T3.1.1.80.0 2010.02.13 -
    Jiangmin 13.0.900 2010.02.08 -
    K7AntiVirus 7.10.972 2010.02.12 -
    Kaspersky 7.0.0.125 2010.02.13 Trojan-Spy.Win32.Zbot.gen
    McAfee 5891 2010.02.13 -
    McAfee+Artemis 5891 2010.02.13 -
    McAfee-GW-Edition 6.8.5 2010.02.13 -
    Microsoft 1.5406 2010.02.13 -
    NOD32 4864 2010.02.13 -
    Norman 6.04.08 2010.02.13 -
    nProtect 2009.1.8.0 2010.02.13 -
    Panda 10.0.2.2 2010.02.13 -
    PCTools 7.0.3.5 2010.02.13 -
    Prevx 3.0 2010.02.13 -
    Rising 22.34.01.03 2010.02.11 -
    Sophos 4.50.0 2010.02.13 -
    Sunbelt 5675 2010.02.13 -
    Symantec 20091.2.0.41 2010.02.13 -
    TheHacker 6.5.1.4.191 2010.02.13 -
    TrendMicro 9.120.0.1004 2010.02.13 -
    VBA32 3.12.12.2 2010.02.12 -
    ViRobot 2010.2.13.2186 2010.02.13 -
    VirusBuster 5.0.21.0 2010.02.12 -
    Additional information
    File size: 22528 bytes
    MD5...: fec69d5dc551ae03a1f160b9fc40a355
    SHA1..: ad1631de2ddaceba64822373ce8e6eb300401639
    SHA256: a0ff3f7d53b966e570b67f6da0eda8d42fa5cb639d4a981b82 cc886a07374540
    ssdeep: 384:S1sic9XxE1yXrJrzjUaRekIvWHGKWPFAqS7e/mdlllo:S1E9XxiytDUgekIO
    HGFPFxS7e/kTlo
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4e5a
    timedatestamp.....: 0x40d2bf7a (Fri Jun 18 10:10:02 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x4270 0x4400 6.46 052f5ae9fe5aafe2e3261514878a8b83
    .data 0x6000 0x730 0x800 2.81 d4964b8c12759f4ab341ec8452c35541
    .rsrc 0x7000 0x410 0x600 2.50 373fabd07cf2fb3e78930ebb9f81735d
    .reloc 0x8000 0x188 0x200 4.16 29a2d1dcb30b1d3989ed20a2a657c3d4

    ( 2 imports )
    > KERNEL32.dll: GetProcAddress, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, GlobalAlloc, GlobalFree, Sleep
    > msvcrt.dll: malloc, _adjust_fdiv, free, _initterm

    ( 10 exports )
    OutputClose, OutputComplete, OutputFlush, OutputFormFeed, OutputInit, OutputInitPart, OutputInitTwo, OutputOpen, OutputProduce, OutputProduceTwo
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: CANON INC.
    copyright....: Copyright CANON INC. 1999-2004 All Rights Reserved
    product......: Canon BJ Raster Printer Driver for Microsoft Windows XP / Windows 2000
    description..: BJ Raster Printer Driver Output Module
    original name: CNMOP6c.DLL
    internal name: CNMOP6c.DLL
    file version.: 1.80.2.90
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    It seems that as Kaspersky is the only one to find a fault it is a false positive.

    I am going to send it in now.

    Many thanks for your assistance

  4. #4
    findley Guest

    Default Re: invalid spyware detection

    Glad to hear your issue is resolved and you're printing again

    best regards,
    Findley

  5. #5
    iwaddo77 Guest

    Default Re: [Solved] invalid spyware detection

    Hi, I also have the same problem and have reported it.

    I currently have the file excluded so I can print.

    The only thing I am not sure about is will I know when it is safe to remove the exclusion?

    Regards

    Ian

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: [Solved] invalid spyware detection

    Hi!
    If you have reported it to Kaspersky as False Positive, you should receive a confirmation by e-mail about it.
    Once received you can remove the exclusion. A matter of a day or two.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Firewall detection
    By bawdy in forum General - Questions that don't fit any other category
    Replies: 2
    Last Post: September 2nd, 2008, 11:53 AM
  2. Replies: 0
    Last Post: May 16th, 2008, 10:51 AM
  3. ZA Internet Suite .. Trojans v Viruses and Spyware Detection
    By michael_uk in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 5
    Last Post: December 20th, 2007, 02:53 AM
  4. IE Crash Detection
    By dobergirl in forum General - Questions that don't fit any other category
    Replies: 10
    Last Post: November 1st, 2007, 09:10 PM
  5. detection of anti-virus
    By dwebspider in forum General - Questions that don't fit any other category
    Replies: 1
    Last Post: December 18th, 2005, 12:51 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •