Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PREVX 3.0 - MAGICJACK FILE - INFECTION FOUND - HELP!


  • This topic is locked This topic is locked
10 replies to this topic

#1 sesai

sesai

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 07 January 2010 - 09:41 PM

Hi, I am new to this forum and need help.

1) recently I started using MagicJack on my computer and seems like there was an update to the product.

2) I have Prevx 3.0 (free version) installed and it said it had found infections. Following is the message from the log file of Prevx 3.0 that identified the infection
"c:\documents and settings\$user\local settings\temp\nsv34.tmp\nssjphone.dll"

Please note that I have changed my user name to "$user"

3) I have Ad-aware and Microsoft Security Essentials installed on my computer. Ad-aware did not inform/identify any infections

4) Microsoft Security Essentials program requested that I submit the files for inspection - which I did

5) I have scanned my entire computer with Ad-aware and MS Sec Ess, but none of them found infections

6) Whenever the computer is started/re-started - while magicjack is loading and when I point the mouse to the Prevx3.0 icon in the tray, there is a msg like "infection found" --> when I click this message, Prevx 3.0 runs and after completing the scan it (Prevx 3.0) does not list any infections. Immediately I used MS Sec Ess and scanned the whole computer and it does not find any infections. Similarly the Ad-aware scan also does not find/list any infeections.

I am not sure if the Prevx 3.0 identification is genuine or not. But I wanted to be safe. Please help!!!!

BC AdBot (Login to Remove)

 


#2 sesai

sesai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 08 January 2010 - 10:51 AM

PLEASE I NEED HELP !!!!!!

#3 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 AM

Posted 08 January 2010 - 11:29 AM

I use Magicjack on a stand alone PC. But could not find it on the PC.

Just did a search for nssjphone.dll.

More info from Prevx. http://www.prevx.com/filenames/16283015785...JPHONE.DLL.html
Note the info under File Behavior

Also under File Name Aliases In particular: WARNINGMJCOULDNOTSTART.GIF

Judging from what you are saying, it`s location, Prevx`s behavior I believe it is a false positive. It is created and run only on Magicjack start-up.
If you are still concerned you can submit it HERE as well for further analysis.

#4 sesai

sesai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 08 January 2010 - 11:44 AM

ThunderZ - Thanks for looking into this. What do you want me to upload/submit for further analysis? Do you need a HJT log or what? Could you please let me know?

Thanks Again, SeSai

#5 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 AM

Posted 08 January 2010 - 12:08 PM

If you can find the nssjphone.dll on your PC then upload to here > http://www.virustotal.com/

It will be scanned with multiple AV\AM`s. This will help you judge better if it is a threat. As there is very little information about it on the Internet.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:02 AM

Posted 08 January 2010 - 12:18 PM

Hello, you may need to Show hidden files.

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 sesai

sesai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 08 January 2010 - 07:19 PM

Thanks everyone for the help and suggestions.

I ensured to check the radio button to "show hidden files" and have searched for this file "nssjphone.dll". My search results could not find any such files :thumbsup:

Now I am confused. Please help!!!!

#8 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 AM

Posted 08 January 2010 - 10:26 PM

It is not present on the machine I run majicjack on either. The PC is rarely used for Internet access but I do run occasional scans with Malwarebytes and SuperAntispyware. Both show nothing.

IMO, I would not worry about it. I really believe in this case it is a false positive being generated by Prevx.

#9 sesai

sesai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 09 January 2010 - 02:33 AM

ThunderZ and boopme - Thank your for your help. I appreciate your time.

#10 PX3

PX3

    Authorized Prevx Representative


  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 11 January 2010 - 12:53 PM

Hi sesai

I work for Prevx Support. We have been notified about this file today and the previous answer from ThunderZ was correct this is a false positive. It was caused by the naming and location of the file which was flagged by a rule.

We are sorry for any inconvenience this may have caused.

If you ever have files that log up within the product please double click on the file this will then take you to the determination screen for the file. In the top right hand corner you will notice a "Disagree with this Determination" tab click on this tab and this will send the file to us in support. We will then review the file and let you know of the results.

Kind Regards,

Prevx Support.

#11 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:02 AM

Posted 12 January 2010 - 06:07 PM

Since this issue has been determined to be a false positive I will close it now. sesai if you need it reopened for any reason please feel free to pm me or any other moderator and someone would be happy to reopen it for you.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users