Variant of Win32/Boaxxe

Many of our computers are starting to report many dll files that are valid application dlls infected with a variant of Win32/Boaxxe.

False positive?

 

What exactly is detected? Could you copy & paste here the appropriate record(s) from your Threat log? The detections for Boaaxe added today are not false positives, no clean files have been reported from ESET Live Grid.

 

4/20/2012 9:07:38 AM - Module Real-time file system protection - Threat Alert triggered on computer xxxx: C:\Documents and Settings\xxxxx\Local Settings\Application Data\Citrix\jgckaclf.dll contains a variant of Win32/Boaxxe.D trojan. (Citrix application dll)


4/20/2012 10:08:45 AM - Module Real-time file system protection - Threat Alert triggered on computer xxxx: C:\Documents and Settings\xxxxx\Local Settings\Application Data\Cohu\wrqjekzr.dll contains a variant of Win32/Boaxxe.D trojan. (camera control/viewing applicaiton dll).

 

So far it has been limited to only 3 of our several thousand computers and the dll names do not appear to be official looking citirx and cohu dlls. So this may not be a false positive.

 

It's highly unlikely to be FP, even the dll names look suspicious.