Caspr1.dll

Discussion in 'NOD32 version 2 Forum' started by FanJ, Dec 19, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Hi.

    I got the following warning from NOD32 version 2 about a file Caspr1.dll

    (my system: W 98 SE Dutch)

    Scanning Log
    NOD32 version 1.583 (20031219)
    Command line: C:\WINDOWS\Caspr1.dll
    Checking CRC of the NOD32.EXE file: status OK
    Operating memory is OK.

    date: 19.12.2003 time: 18:51:57
    Scanned disks, directories and files: C:\WINDOWS\Caspr1.dll
    C:\WINDOWS\Caspr1.dll - probably unknown CRYPT.WIN32 virus

    number of files scanned: 1
    number of viruses found: 1
    time of termination: 18:51:58 total scanning time: 1 sec (00:00:01)


    I have the following three related files.
    NOD32 gave only that warning about the second file: Caspr1.dll

    C:\WINDOWS\Caspr.exe
    Size 3584
    MD5 7bab2a9cfbc1efa2057663ff3bfd1cef

    C:\WINDOWS\Caspr1.dll
    Size 22016
    MD5 9376b89382a44899d9c1d86a00ce0cb4

    C:\WINDOWS\Caspr2.dll
    Size 39936
    MD5 f2d7ed3d8b28a9d85114448dde3253b8


    At the moment I don't know how these files came on my system. I'm still trying to find out.
    Those files came yesterday evening (Dutch time) for the first time on my system.
    I tend to think that I'm usually well protected, but.... o_O

    If anyone knows about a legitimate program that uses those files, please let me know !!!


    The PestPatrol site gives info about files with the same name, but those files have different MD5 checksums:

    http://research.pestpatrol.com/Search/FileInfoResults.asp?MD5=cc2e765c9c5ea1c1210259b76f9c2d85

    http://www.pestpatrol.com/PestInfo/c/caspr_1_012.asp


    If ESET would like to check those files, I could email them.

    Any other info about those files would be highly appreciated !!!

    Thanks !
    Cheers, Jan.
     
  2. FanJ

    FanJ Guest

    BTW: KAV gives no warning about these files.
     
  3. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    This is correct. If I remember right, these are ASPack / ASProtect Unpack Emulator Files.
    Means it's some kind of a generic unpacker. The DLLs are doing the Hook Stuff and the Exe is the Main Executable.

    So nothing to worry about.

    Regards,
    Michael
     
  4. FanJ

    FanJ Guest

    Thanks Michael !!!

    I wish I knew how I got those files...... :rolleyes: :oops:
     
  5. NewNOD

    NewNOD Guest

    The only information outside PestPatrol's site I could find indicates that crackers / hackers supply these files with their warez and it's used as part of the process by which others install the pirated software on their machines (part of generating a bogus serial or bypassing the trial periods, etc.)

    Not implying anything here, just what I found.
     
  6. FanJ

    FanJ Guest

    ~grin~ Thanks NewNod.
    As far as I know I don't have bogus serial numbers nor pirated software here ;)
    I paid a small fortune for my (and others) software ;)
    And before I forget it: I did inherit (if that is the right English word) 2 programs from a very dear and beloved friend who passed away so sadly a few years ago; but that inheritance is -as far as I know- legal in my country.
     
  7. NewNOD

    NewNOD Guest

    FanJ wrote:
    Thanks for taking my post in the spirit in which it was intended. I thought it could be taken the wrong way, but I was just trying to add to what has been discussed so far.

    I'm sure someone else will find other uses for the file which will correctly explain how it ended up on your PC and report those also.

    See ya. :)
     
  8. FanJ

    FanJ Guest

    Hi,

    What I more or less expected, knowing what I did at that time, seems to be the case:
    those 3 files are related to a program upgrade of the AT The Cleaner 4 Pro.

    I wrote: "What I more or less expected".
    For myself it was just the only explanation having suddenly those files on my system, but proving it was another thing......

    Before I started this thread, I had a little contact but I did something wrong: I didn't contact Daniel from MooSoft (The Cleaner).
    I apologize for the confusion.
    However I still have to make absolutely sure that those 3 files are indeed coming from The Cleaner.
    But my contact surely points me in that way.

    May I kindly ask ESET to contact Daniel (developer of The Cleaner) to solve the issue about that warning?
    If ESET doesn't have the email-addy of Daniel, please contact Paul Wilders; I'm sure Paul will bring the two parties together on this ;)
    ESET could also send me an IM on this board, but I have on and off serious problems to get on-line and at the moment I simply cannot predict when I'm on-line; sorry for that.

    Cheers, Jan.
     
  9. FanJ

    FanJ Guest

    Hi,

    I've sent an email with a link to this thread to support of MooSoft and ESET, and to Paul.

    Within 15 minutes (kudos to you Daniel !!!!! :D ;) ) I got a reply from Daniel that it is indeed a false positive.

    If I'm allowed to quote Daniel:
    "The file is part of a harmless Aspack unpacker."

    Cheers, Jan.
     
  10. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    Why don't you send this DLL file to samples@eset.com?
    If you want, send it to me, and I'll send it directly to ESET. I know some guys from ESET; I can send it so that ESET fixes the false alarm or adds the new virus, but I believe that it's a false alarm.
    Thanks.
     
  11. FanJ

    FanJ Guest

    Hi Sir-carew,

    Thanks for your offer ;)

    Several hours ago I had contact with Paul and a Moosoft-forum-mod.
    And I hate to say it, but I don't have very good experiences with ESET support.....
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Off-topic comments split and removed. Please stay on topic.

    paul
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    The files in question will be examined by Eset and if needed will be addressed.

    regards.

    paul
     
  14. FanJ

    FanJ Guest

    File (zipped) has been sent to Kirk (ESET).
     
  15. FanJ

    FanJ Guest

    The situation a few days later:

    (Yes, I know the Holiday season is here or at least coming.
    Yes, I know there was a weekend between my first posting in this thread and this one.)

    Two definition-updates later: still no fix for it.
    Although I did send the file to Kirk (ESET): no reply from him.
    Neither did I get any other reply from any other ESET-person, nor from Paul.
    I do see about 13 ESET-moderators at this ESET-forum, but none of them replied in this thread.


    Some other personal notes:
    I am willing to give ESET a little more time.
    But I am far from happy about this whole situation.
    Combine that with some other things:
    1- one posting from me at this ESET-board a while back was removed by a, to me unknown, person without even having the decency to tell me why.
    2- another posting from me here at the ESET-forum is still un-replied by ESET.


    As a customer of ESET I want a full explanation, either here or in private; and I want to get that explanation from ESET.
    And I also would like to see a fix about that caspr1.dll file.


    Depending on how satisfied I am with the answer(s) (and make no mistake: it is my and only my personal prerogative to judge it as customer), I will decide whether I will switch to another resident AV and/or to drop NOD32 completely.

    Did the message come clear that I'm not happy about this whole situation?

    Regards, FanJ.
     
  16. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I understand your situation, however NOD is a good AV.
    If you want, send me the DLL file and I will send it directly to a friend who analyzes files at ESET.
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Can't argue that, Jan ;)

    A calculated guess: priority on real and new nasties first, false positives later.

    Jan, countless people submit files - and no one ever gets an answer. That's overall not the way it works. You have complained about this on many occasions, not only in regard to Eset. All one can and should expect, is seeing a submitted real new nastie databased. Time spent on "thank you" emails is time lost in the Labs - it's as simple as that.

    Any reason why they should? It's a Lab issue, no more, no less.

    That's your prerogative no doubt.

    It's of no importance who has removed a post - that's a moderator and/or staff issue. In case a post goes off topic for example, removal most probably will be the result - see my post above.

    By all means bump the thread in question; without that it's impossible to know what post you are referring to.

    A full explanation concerning?

    Seems a reasonable request ;)

    Well, as I see it, it boils down to one issue: having the false positive fixed. But then again: you are absolutely right: it is your prerogative whether or not to switch - no one will question that.

    It does indeed.

    regards.

    paul
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I'm a little confused as to why Eset should bother to fix this at all.

    Since the files being "alerted" on by NOD are "part of the new Aspack unpacker" that The Cleaner is using, can't you simply have NOD "Exclude" those specific (the ones in the The Cleaner folder) files?

    I mean, isn't it true that Aspack can be used for malicious purposes? (And, no, I'm not saying that has anything to do with Moosoft's use of them - quite the opposite!).

    IOW, if NOD "corrects" this def to exclude ASPACK - wouldn't anything ASPACK-related then be able to get by NOD?

    It would just seem easier (and safer) to exclude those specific files within the The Cleaner folder itself - that way, anything else using ASPACK would still be alerted on (as it should be).

    I'm probably expressing myself unclearly here - but are you at least getting my drift? pete
     
  19. FanJ

    FanJ Guest

    Latest posting from me here in this thread:

    Sir-Carew:

    Thanks again for your kind offer.
    Having sent the file to Kirk has to be sufficient in my humble opinion.


    Paul,


    In case you missed it: I talked about "decency" to notify me in case a posting from me has been deleted.

    Quote:
    "You have complained about this on many occasions, not only in regard to Eset."
    I always thought that I was doing something "good" when I mentioned that company A was alerting about a certain file from company B.
    Obviously I wasn't.
    So I will not do that anymore, neither here nor in private to the companies involved.
    So everybody on his (her) own will discover those things and decide what to do about it.
    And yes, I do know that false positives can happen; I have no problem with that! I only tried to make folks and companies aware of it when I did see it happen so both companies involved could solve it; that's all.


    Pete,

    Yes I'm aware of that.
    It's up to both parties involved to react, in my humble opinion; besides there is this exclusion issue....


    In general:
    I've had it. You will not see me back here at the board for a long time.

    Wishing everyone (and I do mean that) a really fine and nice Christmas.

    Regards, FanJ.
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Jan,

    I've noticed that, Jan and replied to that one.

    I'm confused here. Of course anyone who submits suspicious files to AV/AT companies or alerts them is doing the good thing. I merely explained why expecting a "thank you" email is a wrong assumption.

    I'm sorry to hear so, since as stated above that's a good thing to do.

    I must confess the reason for this is a mystery to me, but so be it.

    Best wishes to you as well, Jan.

    regards.

    paul
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hello,
    Due to the time shift between Slovakia and the USA, the response might not have been immediate. As soon as we got the sample, we analyzed it and came to the preliminary conclusion that the file was actually a false positive. We will conduct further analysis and remedy it in a virus signature database update.
     
  22. FanJ

    FanJ Guest

    Thanks a lot Marcos !
    I understand about the time-shift.

    Once again I was far too unfriendly and I did let impatience take over me :oops:

    I also got a very kind email from Anton.
    Many thanks Anton !!!

    I want to apologize to ESET, to Paul and the whole team, and to all here at the board.

    Peace !

    Best regards, Jan (who is feeling ashamed about himself).
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi FanJ,

    Happens to the best of us. (As you have demonstrated)
    Don't worry about it. :)

    Regards,

    Pieter
     
  24. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi FanJ,

    Anyone who frequents these forums knows you are a kind, goodhearted person. And just like the rest of us, you are human. That means there are good moments and bad moments. They call that life.

    Have a safe and joyful holiday season!
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    And see - I was wrong - they can "fix" it!

    Shame on me and kudos to Jan for sticking it out!

    Have a cookie! Pete
     