Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HMP - A simple question


  • Please log in to reply
4 replies to this topic

#1 yabbadoo

yabbadoo

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:34 PM

Posted 07 April 2012 - 06:11 AM

I cannot seem to get an answer to this matter.

I use the free version of HMP often for a quick scan, have done it many times. If any threats are found, I go to either AVG, MBAM or Emsisoft AM to check it.

A recent HMP scan came up with DECVW_32.DLL as a threat for the first time.
This file is by VDOnet.corp and dates back to 1996/7 - created 2001, so it looks like it has been around on my PC for a long while. I can find no suspicious comments on the web for VDOnet, only that Microsoft and Check Point are or were involved. Looks OK to me.

The other AV`s above do not pick it up. Have you any comments to make on this ? I do not even know if the file is currently active or just a piece of old junk.

Many thanks
Screen shot :-

Posted Image

Edited by yabbadoo, 07 April 2012 - 06:12 AM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:34 AM

Posted 07 April 2012 - 06:45 AM

Please note the following quote -
"There are indications that this file is a threat. However, it can also be benign.
The digital signature on this file is invalid."

There is an option to click Ignore - - Looks like a "PUP" (Potentially Unwanted Program) or else a False Positive -
Please read this from myself and quietman7 http://www.bleepingcomputer.com/forums/topic448275.html/page__view__findpost__p__2649819

Many A/virus and Malware programs have added PUPs that give the user a choice of Remove or Ignore -

You could report this as a F/Pos at any decent Forum or upload to Virus Total and see if there is a result -




#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 07 April 2012 - 09:06 AM

Almost any security scanner can result in an occasional false positive. If you suspect such a detection, you should get a second opinion. Go to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

If you confirm a false detection of a particular file, then you should contact the anti-virus vendor's Tech Support and advise them so their technicians can investigate and make corrections to its database definitions. Most anti-virus vendors have instructions for sample file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 yabbadoo

yabbadoo
  • Topic Starter

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:34 PM

Posted 07 April 2012 - 10:18 AM

Almost any security scanner can result in an occasional false positive. If you suspect such a detection, you should get a second opinion. Go to one of the following online services that analyzes suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

If you confirm a false detection of a particular file, then you should contact the anti-virus vendor's Tech Support and advise them so their technicians can investigate and make corrections to its database definitions. Most anti-virus vendors have instructions for sample file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

Thank you so much for your detailed post. I will do what you say.

Having looked at the file which is "hidden", it has a creation date of 2001 and belongs to VDOnet. No scan has ever picked it up before even HMP. VDOnet is/was a reputable source, but I cannot find any current activity on browsing the web, so it looks like they have either gone bust or been absorbed by somebody else.

It seems to be old junk to me and certainly no threat. I will hit the "ignore" on HMP if all the checks look OK.
I am happy with your reply and consider the puzzle closed. Many thanks also to "N".

STOP PRESS

I quickly entered the file online with Virus Total and the answer was "no comments tagged"
I also uploaded the file to VirSCAN which checked for malware with dozens of scanners and found nothing.
Verdict = CLEAN and probably old junk.

I am very grateful for your reference to VirSCAN - it seems a magnificent checker to have - I have saved it as a Bookmark.

Edited by yabbadoo, 07 April 2012 - 10:44 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 07 April 2012 - 10:29 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users