FP rundll2000.exe

NOD32 with definitions 2430 (20070731) is giving a FP on a file rundll2000.exe

rundll2000.exe - probably a variant of Win32/Agent trojan

MD5 checksum: 4936A6954ED59700A3C706F9094685EE

(well, I think it is a FP, I'll explain later).

This file was coming from an old infection of the computer of Mr.Blaze.

Thread at Wilders:
https://www.wilderssecurity.com/showthread.php?t=169463

The file was uploaded, along with several other files, by Blaze at Derek's board:
http://www.thespykiller.co.uk/index.php?topic=3967

At that time Gavin (TrojanHunter) saw no infection.
BOClean gave, after submitting, a warning; but that was later withdrawn.

Although the file is still in that thread at Derek's board, I could submit it again to ESET if you want me to.

Regards, Jan.

 

Yes, please do so. Send the file to samples[at]eset.com and put something like "FP - " followed by this thread's url in the subject.

 

Hi Marcos,

I have just submitted it.

Best regards,
Jan.

 

Fixed with defs update 2431 (20070801)

Thanks ESET !!!

Best regards,
Jan.

PS-1
Maybe I should clarify something:
I posted:

That quote was only with respect to that file rundll2000.exe

There certainly were infections on the computer of Blaze at that time.
The files were submitted in April 2007 to most companies.
And TH and BOClean did add defs where needed.

PS-2
Off topic:
Ad-Aware SE Pro is now flagging that file rundll2000.exe as Win32.Trojan-PSW.Lineage