|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello, after this morning and last update A Squared free (version 3.1.0.23 with 1.150.887 objects) finds this:
Version - a-squared Free 3.1
Dernière mise à jour: 19/02/2008 08:35:34
Réglages Scan:
Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche
Début du scan: 19/02/2008 08:35:37
Value: HKEY_CLASSES_ROOT\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_CLASSES_ROOT\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ultimate Security Suite 2.0
Scanné
Fichiers: 125199 Traces: 373978 Cookies: 8 Processus: 41
Trouver
Fichiers: 0 Traces: 18 Cookies: 0 Processus: 0 Clés de Registre: 0
Fin du Scan: 19/02/2008 09:38:27 Temps du Scan: 1:02:50
I have never had anything to do with Ultimate Security Suite 2.0.... Is this a FP? Something normal that can sometimes be used by a malware? Or a real infection? I doubt...
Regards, Jérôme.
Windows Vista Home Premium SP2 32 bits updated, McAfee security suite ( Anti Virus/ Fire Wall/ Anti Spam) allways updated, A Squared free 4.5.0.11, Malwarebytes 1.41 (just for scans). Computer Acer Aspire 3GB.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: Hello, after this morning and last update A Squared free (version 3.1.0.23 with 1.150.887 objects) finds this: ....... I have never had anything to do with Ultimate Security Suite 2.0.... Is this a FP? Something normal that can sometimes be used by a malware? Or a real infection? I doubt...
Hi Jérôme,
It is probably FP. Sure we need confirmation from EMSI because those are just Traces. The info I'll put below is what I could get and should not be considered as 100% proof. At the same time it may ring a bell and you may look through your files. For example:
Do you have XceedCry.dll in your system32 dir?
Do you use some 3rd party Backups (e.g. NTI Backup NOW!, which uses Xceed Encryption Library)?
Do you have and/or use Visual Studio .Net development and 3rd party controls/products from http://www.xceedsoft.com (the developer of Xceed Encryption Library... etc.)?
When one of the above is used, they register the mentioned XceedCry.dll ClassIDs at the top of your report, e.g. {231D1CF6-C578-411D-9B9B-48264355805D} {7EC04D5B-19A8-45EE-BCB0-6FE0067F9468} are associated with that dll and I did not find others.
Any of that sounds familiar?
My regards
XP Pro, SP3 (32-bit); a2-Free 4.5.0.21(beta); Firewall: Comodo CIS (Defense+ HIPS); Software DEP: integrated into Firewall; Anti-Malware: Mamutu 2.0.0.23 (beta); Verification Engine PlugIn (resident); AntiVirus: AVG Free (guard resident); SpyBot SD (+TeaTimer resident)
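The check discussed in this post, as an added example that is not part of the thread or of a-squared: it parses trace lines in the report's format, collapses the HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE\SOFTWARE\Classes views of the same CLSID (HKCR is a merged view that includes the latter, which is why the report's 18 traces cover nine COM classes), and on Windows resolves each CLSID to the DLL named in InprocServer32. The function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

try:  # winreg ships only with Python on Windows
    import winreg
except ImportError:
    winreg = None

# Constructed sample in the scan report's format. The two CLSIDs are the ones
# quoted in the reply above; entries are run together as in a forum paste.
_CLSIDS = ["{231D1CF6-C578-411D-9B9B-48264355805D}",
           "{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}"]
_ROOTS = ["HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes"]
SAMPLE_REPORT = " ".join(
    "Value: " + root + "\\CLSID\\" + clsid + "\\InprocServer32 --> ThreadingModel "
    "Détecter: Trace.Registry.Ultimate Security Suite 2.0"
    for root in _ROOTS for clsid in _CLSIDS
)

# One "Value: <hive>\...\CLSID\{guid}\<subkey> --> <value> Détecter: <name>" entry.
ENTRY_RE = re.compile(
    r"Value:\s*(?P<hive>HKEY_[A-Z_]+)\\(?P<path>(?:[^\\{}]+\\)*?)CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<subkey>[^\\\s]+)\s*-->\s*(?P<value>\S+)"
    r"\s+D[ée]tect\w*:\s*(?P<name>.*?)(?=\s+Value:|\s*\Z)",
    re.S,
)


def parse_traces(report):
    """Return one dict per flagged registry value, with or without line breaks."""
    return [m.groupdict() for m in ENTRY_RE.finditer(report)]


def unique_registrations(traces):
    """Collapse the HKCR and HKLM\\SOFTWARE\\Classes views of the same COM class."""
    by_clsid = defaultdict(lambda: {"views": set(), "names": set()})
    for t in traces:
        entry = by_clsid[t["clsid"].upper()]
        entry["views"].add(t["hive"] + "\\" + t["path"] + "CLSID")
        entry["names"].add(t["name"])
    return dict(by_clsid)


def resolve_inproc_server(clsid):
    """Windows only: the DLL a CLSID loads (default value of InprocServer32)."""
    if winreg is None:
        return None
    try:
        subkey = "CLSID\\" + clsid + "\\InprocServer32"
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, subkey) as key:
            return winreg.QueryValueEx(key, "")[0]
    except OSError:
        return None  # key absent or unreadable


def files_to_verify(report, resolver=resolve_inproc_server):
    """Map each DLL path (None if unresolved) to the flagged CLSIDs that load it."""
    by_dll = defaultdict(list)
    for clsid in sorted(unique_registrations(parse_traces(report))):
        dll = resolver(clsid)
        by_dll[dll.lower() if dll else None].append(clsid)
    return dict(by_dll)


if __name__ == "__main__":
    traces = parse_traces(SAMPLE_REPORT)
    print(len(traces), "flagged values ->",
          len(unique_registrations(traces)), "COM classes")
    for dll, clsids in files_to_verify(SAMPLE_REPORT).items():
        print(dll or "<unresolved: run on the affected Windows host>", clsids)
```

The DLL paths it returns are the files whose publisher and signature are worth checking before any of the flagged entries is quarantined.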
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello Lynx, none of all these names are familiar to me... I don't use and did not use that software. But I did some research and I have "XceedCry.dll" in system32.... What does that mean? However I wait for an Emsisoft answer. I should add that yesterday all was clean, and that no software (Ad-Aware, Spyware Doctor, my McAfee) found anything this morning. And since yesterday I did not do any download at all...
Thank you, Jérôme
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: ... But I did some research and I have "XceedCry.dll" in system32.... What does that mean?...
Jérôme, if you have it and it is clean and legit (most likely yes, because the file itself wasn't flagged) it could mean that some software you have may use the encryption library I've mentioned. It is just a probability... Look at the site referred to and what they develop... "real-time ZIP" (on-the-fly) etc.
My regards
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
I had a look at this "XceedCry.dll" in system32... It was created on the 19th of November 2003, so before I bought my computer... Maybe a software pre-installed by Dell... It has the good signature by Xceed Software Inc. So I wait...
Regards!
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: I had a look at this "XceedCry.dll" in system32... It was created on the 19th of November 2003, so before I bought my computer... Maybe a software pre-installed by Dell...
Correct.
According to Dell they may pre-install Yosemite Backup[R] or Dell Image Restore and others. Xceed’s data manipulation components are used by Dell for sure and other big clients… like “Guess Who”? (not the Canadian rock band) … but Microsoft itself. So probably we are very close to the Ultimate Truth.
Cheers
{Added} 20/02/2008 3:40PM
Hi Jérôme, please rescan with the new update and tell whether that fixed it. Thanks
[a-squared Free Changelog]
2008-02-20 04:02: Traces signature update
338 Spyware Traces
2008-02-20 04:02: Signature update
566 Signatures: 500 Trojans, 2 Dialers, 35 Worms and 29 Spywares
Files: 20080220.trc ; 20080220.sig
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello, I did the update and the result is the same (detection of the same 18 traces) and no answer by Emsisoft! But I had a look into the registry and, you are right, all the 18 keys flagged are in relation with XceedCry.dll.
Regards, Jérôme.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: I did the update and the result is the same (detection of the same 18 traces) and no answer by Emsisoft!
Hi Jérôme,
I see. I am sure the developers will look at this soon. It is around 7:30 AM there “at EMSI” now. The case as we understand it is kinda unique, otherwise we would hear more requests. Let’s give it a day (their working hours). They will visit the forum. As you understand it is unacceptable to notify them about every case immediately "from within a2-Free". I’ll do it if there is a big delay. Let’s be patient. (those are just traces...)
My regards
|
|
Rank: Newbie Groups: Member
Joined: 2/21/2008 Posts: 3
|
What happened to Jerome is exactly what happened to me. I will watch this forum with great interest. I updated a couple of hours ago (about 5:00pm Wednesday February 20 EST (Eastern Standard Time, east coast of the USA)).
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
redmaledeer wrote: What happened to Jerome is exactly what happened to me. I will watch this forum with great interest. I updated a couple of hours ago (about 5:00pm Wednesday February 20 EST (Eastern Standard Time, east coast of the USA)).
Hi redmaledeer,
You are welcome. I have a feeling that "what happened" should not cause panic.
Can you please confirm the existence of the XceedCry.dll I suspected and which was found on Jerome's computer later... or anything related to the products mentioned above.
If you have it please provide as much info as you can about it.
My regards
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello, after the new update a few minutes ago the detection remains... And no answer here about it and the questions of this post! I wonder what I must think about this behaviour? INFECTION (traces) or FP? Regards, Jérôme.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: after the new update a few minutes ago the detection remains...
Hi Jérôme,
The message about the case is there already. Everything will be fine.
My regards
P.S. {Added} Jérôme, can you please look at the link below and post something in better French than I did. Or even, if you have a few spare min, translate the message into English for German or Russian speaking EMSI developers:
http://forum.emsisoft.com/Default.aspx?g=posts&t=3098
Thanks in advance for the favour
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello Lynx, I have translated his post into English and added some advice with French links. But if I understand well, he has a lot of viruses... Good luck for him! And I am still waiting for a solution here...
Regards, Jérôme
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Jérôme wrote: ... I have translated his post into English and added some advice with French links. But if I understand well, he has a lot of viruses... Good luck for him! And I am still waiting for a solution here...
Jérôme,
That is much appreciated. I thanked you there and thanks again here. You don't need a lot of viruses. Sometimes just one is enough. Yes, we wish he'll be OK. Strange though that he did not mention/show the a2-free report... but that's another story...
The solution for this issue here should be on its way.
My regards
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
New update (without traces...) and same detection again. Let's wait and dream... Good night, Jérôme.
|
|
Rank: Newbie Groups: Member
Joined: 2/22/2008 Posts: 1
|
hey jerome, lynx-
i'm at this forum for the same reason. after updating a-squared today ( thurs 02-21-08 mountain time usa )i received the same results. the previous scan of four days ago ( full scan : i did a "smart scan " today ) did not produce the results in question.
i did a file search on XceedCry.dll ( i couldn't find a way to open the registry location via A2rd and don't know how to do that myself ) and found that my XceedCry.dll is in C:\Program Files\MTV Networks\Urge. i then found Urge listed in the add/remove programs section of my control panel. oddly, the program has been on my computer since 07-05-06 and the "security issues " have not been detected until today. i loaded A2rd three months ago, and spybot s&d doesn't read this as an issue.
i suspect that Urge was a part of a media player update and i don't use it. this begs a further question- will the removal of these traces prevent the removal of the program later? for instance, View Manager is constantly causing traces which i delete and it keeps running ( what is view manager for anyway?) but a2rd screwed up a "deskmate" program and i had to manually delete all accompanying files.
i'm wondering if i should remove the program before i delete the a2rd entries.
any word from EMSI software yet?
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Hi Garry,
I knew about XceedCry.dll and C:\Program Files\MTV Networks\Urge too since Jérôme posted but it was not necessary to bring it here.
The main issue is this XceedCry.dll file as I see it, but I wish I knew all details about it.
No file(s) were flagged and those are just Trace.Registry. I hope you read http://www.emsisoft.com/en/kb/articles/tec070120/ “…By definition, Registry entries are not dangerous in themselves…”
As for removal of traces - I would not recommend it. If your System is not misbehaving, please wait. In addition, and to support that, you described yourself the bad outcome of removal of reg entries…. It is not recommended to Delete and even Quarantine without prior investigation. It is written many times in the Forum and this recommendation does not apply to a2 only but to any security program which flags anything. I know that it is time for [Sticky]…
As I said, EMSI developers are notified and they know that the number of users is growing. I cannot tell more than advised above as not to remove and may just repeat: Please be patient.
When we get confirmation about the issue and you decide to uninstall some software you’ve mentioned, that will be your choice; the uninstall will go fine and manual deletion of accompanying files will not be necessary.
My regards
P.S. I don’t want to write here about Urge and MS Media Player 11. Awfully bad, weak, bag of bugs – it is an OffTopic issue, so I must stop.
|
|
Rank: Newbie Groups: Member
Joined: 2/23/2008 Posts: 1
|
Hi All. I too, after this morning's scan (11AM Melbourne Australia Time), came up with the 18 “Trace registry – Ultimate security Suite 2.0” notices, along with the normal 15 or so “Trace Cookie” notices.
I first cleared the A2 “quarantine folder”, deleted the “Trace Cookies”, and then quarantined the 18 “Trace registry – Ultimate security Suite 2.0” notices.
That done I carried out a search for a reference to “Ultimate security Suite 2.0”: no such file on my computer.
Likewise I carried out a search for XceedCry.dll in my system32 dir, yes it exists, installed back in January 2007, what with I don’t know.
I await for developments in this discussion.
What is the definition of “FP”?
Thank you, Peter P
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Peter Patten wrote: ...What is the definition of “FP”
Hi Peter,
FP - False Positive. The program (analyzer) thought that it is a virus or malware but it made a mistake. So the intention was good - Positive, but the result - incorrect - False detection.
That would be a short answer.
When AV or Anti-Malware Software scans, it has at least 2 ways to identify "bad guys". 1) signature - the sequence of code already known as being a virus/malware. 2) the first method sometimes works, but because code could be modified in order to hide, or there is a new unknown code, the heuristics method of identification takes place. This one tries to find whether the given sequence of code could be considered as potentially dangerous. In many cases, depending on the sophistication of the algorithm implemented in the analyzer, it gives a correct result... but there may be mistakes. It is not easy. When an FP is confirmed, the developers will make amendments and the error in the algorithm will be fixed.
That would be another short answer
Other than that - there is a Google: "Heuristics" "False Positives"... you search, you read you have another million interesting questions from those readings ... you cannot find an answer "Torture never stops" (Frank Zappa) My regards
|
|
Rank: Newbie Groups: Member
Joined: 2/21/2008 Posts: 3
|
Lynx - Sorry for the delay in responding to your post of Feb. 21, 2008 3:37:36 PM. In my earlier post I might have added that before my Feb. 20 update this did not happen. I have these files on my computer: C:\WINDOWS\system32\XceedCry.dll C:\WINDOWS\system32\XCEED.ZIP.DLL I searched my computer for file titles containing "Ultimate", and there were none. None of these products, and none of the products put out by the Xceed company are at all familiar to me. As you say, EMSI will probably sort this out.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
redmaledeer wrote: ... In my earlier post I might have added that before my Feb. 20 update this did not happen. I have these files on my computer: C:\WINDOWS\system32\XceedCry.dll C:\WINDOWS\system32\XCEED.ZIP.DLL I searched my computer for file titles containing "Ultimate", and there were none.
Hi redmaledeer,
and thanks for the reply and adding this information. That's important that all involved confirmed "suspected presence of the suspected file". Having .ZIP.dll is interesting itself if we look at how the investigation started. It would be nice to look at the files' Properties and tell "to whom they belong" (just in case).
redmaledeer wrote: As you say, EMSI will probably sort this out.
I could not say *probably* in this context. How could I? They will for sure.
But speaking of "Ultimate" - the ultimate result must be positive.
My regards
|
|
 Rank: Administration Groups: Administration
Joined: 1/5/2006 Posts: 2,467 Location: Austria
|
These detected traces are DLL files that are registered in the Windows registry. In this case, these DLLs are used by good and malicious software. That's why they were detected.
We have disabled these signatures with the last update to avoid further false alerts.
Regards,
Christian Mairoll [CEO] Emsi Software Team - www.emsisoft.com
|
|
Rank: Advanced Member Groups: Member
Joined: 3/7/2006 Posts: 145 Location: Paris, France.
|
Hello, OK, the last update (only traces and french language), has fixed the detections. Thank you and regards, Jérôme
|
|
Rank: Newbie Groups: Member
Joined: 3/3/2008 Posts: 1
|
Christian Mairoll wrote: These detected traces are DLL files that are registered in the Windows registry. In this case, these DLLs are used by good and malicious software. That's why they were detected.
We have disabled these signatures with the last update to avoid further false alerts.
These are still being detected on my PC and appear to be part of my Anonymizer software, so I hope they are OK.
Thanks for the info.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
Richard Williams wrote: ...These are still being detected on my PC and appear to be part of my Anonymizer software, so I hope they are OK...
Hi Richard,
Welcome to the Forum.
If you still have the detection after the latest update, please post the scan report here (the way Jérôme did initially) or just send it to EMSI fp@emsisoft.com with any additional information you can provide if you are convinced about Anonymizer.
My regards
P.S. {added}...and sure the location(s) of XceedCry.dll. It looks like everybody "involved" till now confirmed its presence.
Were you getting this detection several consecutive updates after the FP was fixed and the case was reported solved (24 February) or just after the last update?
Thanks
=== The latest update ===
[a-squared Free Changelog]
2008-03-03 00:53: Signature update
3537 Signatures: 3170 Trojans, 33 Dialers, 104 Worms and 230 Spywares
File: 20080303.sig
|
|
Rank: Newbie Groups: Member
Joined: 2/21/2008 Posts: 3
|
Lynx wrote: redmaledeer wrote: ... In my earlier post I might have added that before my Feb. 20 update this did not happen. I have these files on my computer: C:\WINDOWS\system32\XceedCry.dll C:\WINDOWS\system32\XCEED.ZIP.DLL I searched my computer for file titles containing "Ultimate", and there were none. Hi redmaledeer, and thanks for the reply and adding this information. That's important that all involved confirmed "suspected presence of the suspected file". Having .ZIP.dll is interesting itself if we look at how investigation started. It would be nice to look at the files Properties and tell "to whom belong" (just in case).
Sorry Lynx. It should have been XCEEDZIP.DLL. Properties shows this as "Part of the Xceed Zip Compression Library...," not surprisingly by Xceed Software.
|
|
 Rank: Advanced Member Groups: Member, Moderation
Joined: 2/24/2006 Posts: 4,495 Location: Australia
|
redmaledeer wrote: Sorry Lynx. It should have been XCEEDZIP.DLL. Properties shows this as "Part of the Xceed Zip Compression Library...," not surprisingly by Xceed Software.
Hi redmaledeer,
No “sorry” needed at all. Thanks for the reply. It is never too late. Moreover, as you see, Richard Williams posted just recently. After my reply to him there were a few updates already (a couple of Traces revisions included). I hope we’ll have the “very final” answer soon.
My regards
|
|