
False Positives



#1 chr0naut


Posted 25 April 2010 - 05:22 PM

I have a VMWare environment (WinXP client) where I "test" suspicious programs. I've used XPLite to strip it down to basics and so it does not have DirectX, or sound adapter, USB or anything similar, just a NIC and a virtual HDD.

Aside from Windows, I have Chrome, FireFox, Safari Browsers, VirusTotal Uploader, CCleaner, Auto-It (old legacy version), Sandboxie, Spybot S&D, Malwarebytes Anti-Malware, Avira (free) AV, JRE & UTorrent installed, along with some older database products.

I periodically update & scan with ComboFix the other Anti-Malware stuff just to be sure of the clean nature of the environment.

Despite all the other scanners coming up clean, Combofix is reporting (at or after Stage 50) that dsound.dll in C:\Windows\System32\ is infected and is attempting to restore it.

I have tried completely uninstalling Combofix and re-running a newly installed copy in case it was caching old data but the same issue remains.

It is also telling me that two other DirectX sound related dll files (d3d8.dll & d3d9.dll) are missing (which is what I expect).

The dsound.dll file definitely does not exist (not even hidden or archived off somewhere).

I believe that Combofix may be mis-flagging the absence of dsound.dll as an infection of the file blocking access to it. Can someone please confirm if this may be the case?

Thank you,
Dave.

Edited by chr0naut, 25 April 2010 - 05:38 PM.

Black holes - where God divided by zero...



#2 chr0naut


Posted 25 April 2010 - 08:13 PM

Just scanned with DrWeb CureIT & SUPERAntispyware for completeness. Both say clean (except for tracking cookies).



