DCOMbob.exe? Virus? LOL

Discussion in 'malware problems & news' started by notageek, Oct 10, 2003.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I ran McAfee VS7.0 and it came back saying DCOMbob.exe might be a virus. LOL The only DCOMbob.exe I remember downloading is the one from GRC.com. I ran NOD and my system came out clean. Is this a false positive on McAfee's part? I would say it is, but I would like another opinion. (maybe more) lol
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    notageek,

    "might be" a virus - most probably a false positive.

    Hop over to our free services page, and submit the file for free examination to KAV for example, in case you feel like another reliable check.

    regards.

    paul
     
  3. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Paul, I quarantined the file.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The DCOMbob.exe is in the file from Gibson Research. It runs the DCOMbobulator to close port 135.

    Hope this helps

    :)surf safe :)
     
  5. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks bigc. I know it's from GRC. I was just wondering if it's a false positive from McAfee VS7.0. But I see now that it is, cuz I ran 2 online scans and the KAV file scan and it came out clean. I have let McAfee know about this false positive.
     
  6. frazky

    frazky Registered Member

    Joined:
    Mar 21, 2004
    Posts:
    3
    Norton AntiVirus 2005 says it's infected with a trojan after a recent scan on my PC.. DCOMBOB has been on my PC for a year.. probably a secondary infection via something else.... but I haven't run my copy of dcombob for 9 months or more... so maybe the original file was dodgy?.. :doubt:
    I would suggest that the lay person not download anything except from 'prestigious name' sites.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    McAfee always has reported on the decombob; it is a false positive. The newer versions of McAfee don't report on it. It is probably a false positive on Norton's part as well. You need to run a2 or Ewido or TDS3 to confirm it is actually infected.

    bigc
     
  8. dog

    dog Guest

    Just an FYI on a GRC Discussions Thread - Here - If anyone wants to follow this thread.
    Symantec KB article {Hacktool.DCOMScan} - http://securityresponse.symantec.com/avcenter/venc/data/hacktool.dcomscan.html
    Interestingly enough ->Discovered on: August 25, 2003
    Last Updated on: September 12, 2003 12:43:49 AM
     
  9. Birddog

    Birddog Guest

    I run McAfee Enterprise 8.0i DAT4640 and this was just "discovered" on my machine today. It found all 3 locations I had saved it to.
     
  10. Carver

    Carver Guest

    I downloaded it to shut port 135. I scanned it with Ewido and NOD32, and it came up clean. I would say it was a FP.
     
  11. RainR

    RainR Guest

    Look at what the McAfee report actually says:

    C:\DCOMBOB.EXE\DCOMBOB.EXE ... Found potentially unwanted program RpcDcom.b.


    "potentially unwanted program"

    Not "virus". Not "trojan". Not "dodgy file". It's a perfectly accurate detection.
     