Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avira detects trojan - np_gp.dll


  • Please log in to reply
4 replies to this topic

#1 gubar

gubar

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 04 April 2009 - 07:17 PM

Hi,

avira has started to give me this warning:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll.

I am normally pretty safe and am wondering if this is a false positive - everything appears to be working normally, and googling the name of the dll has been inconclusive.

Any help appreciated.

cheers

gubar

BC AdBot (Login to Remove)

 


#2 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:12:29 PM

Posted 04 April 2009 - 07:29 PM

why not download malwarebytes anti malware(free edition) and get a second opinion if it shows anything then post the log here

#3 gubar

gubar
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 05 April 2009 - 08:25 AM

Hello,

thanks for the response.

I have scanned with spybot s+d which found nothing, and on your advice with anti malware free edition. It never found this file to be a virus but did find something else:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.


I wonder now if this is also a false positive or if I should be concerend?

thanks

gubar

#4 Sem

Sem

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 12 April 2009 - 01:09 PM

Hey there me too.

I use Eset Smart Security it didn't pick this up. I use additionally Kapersky online scanner that also didn't, and also A-Squared Free Malware Scanner that Identified this... PrevX CSI 3 also missed though they it seems they are now reviewing this file:

http://spywaredlls.prevx.com/RRIAFB42666234/NP_GP.DLL.html
and here too:
http://www.spywaredata.com/spyware/malware/np_gp.dll.php

Others are concerned also:

http://forums.spybot.info/archive/index.php/t-44161.html

Have you any news?

Thanks Sem

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 AM

Posted 12 April 2009 - 02:34 PM

The HKLM\...\NoActiveDesktopChanges registry key above determines
whether or not the users of the machine have the ability to change
their active desktop configuration. There are a large number of
trojans and malware that change that registry entry to "1" in order to
prevent users from removing the displayed content within the active
desktop. You can also set this to 1 to prevent users from changing
their wallpaper, for instance. It is not necessarily an indication
that you are compromised, but by default user are allowed to change
their active desktop settings. The Malwarebytes program flagged the
registry entry because it is more often than not an indication that
malware may be present. If you are comfortable with the appearance
and functioning of your Windows desktop, and don't plan on allowing
other users to change the desktop settings, then leave the registry
entry set to 1, otherwise set it to zero or allow Malwarebytes to do
it for you.

Cheers,
Andy


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users