ESET SysInspector FP

Discussion in 'Other ESET Home Products Beta' started by Fixer, Dec 23, 2009.

Thread Status:
Not open for further replies.
  1. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    While I was using ESET NOD32 Antivirus 4.0 there was no such problem, but now I noticed that aimp_shell.dll is marked as a rootkit (ninth level of danger).

    What should I do?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Mine is assessed as risky level 5. Does the SHA1 hash match yours?

    "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" = "AIMP2: Shell Extention" ( 5: Unknown ) ;
    "SHA1" = "C85CF7AA09A109F23C3D4C7FFE73FDAFAABFB63F" ( 5: Unknown ) ;
    "Last Write Time" = "2007/11/27 23:32" ( 5: Unknown ) ;
    "Creation Time" = "2007/11/27 23:32" ( 5: Unknown ) ;
    "File Size" = "60416" ( 5: Unknown ) ;
    "File Description" = "AIMP ShellExt" ( 5: Unknown ) ;
    "Company Name" = "AIMP DevTeam" ( 5: Unknown ) ;
    "File Version" = "3.1.0.0" ( 5: Unknown ) ;
    "Product Name" = "AIMP2" ( 5: Unknown ) ;
    "Internal Name" = "aimp_shell.dll" ( 5: Unknown ) ;
    "Linked to" = "Important Registry Entries -> Shell Execute Hooks -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> AIMP2: Shell Extention"
     
  3. Fixer

    Fixer Registered Member

    Hi Marcos!

    I use AIMP v2.60 Build 525.

     
  4. Fixer

    Fixer Registered Member

    I am currently reviewing the ESET SysInspector log, and I see a similar problem:

    Certainly there is a problem with ESET SysInspector.
     
  5. tnovak

    tnovak Registered Member

    Joined:
    Oct 17, 2008
    Posts:
    15
    Hi!

    I have a similar problem with other applications:

    https://www.wilderssecurity.com/showthread.php?t=261453

    Details:

    Code:
    "File" = "c:\windows\system32\drivers\scdemu.sys" ( 9: Risky ) ; PowerISO Virtual Drive ; PowerISO Computing, Inc. ; 
      "SHA1" = "1278C9C3E8C4EE0F1EDA43A8739A85145F74EDFD" ( 9: Risky ) ; 
      "Last Write Time" = "2009/11/09  04:21" ( 9: Risky ) ; 
      "Creation Time" = "2009/11/09  04:21" ( 9: Risky ) ; 
      "File Size" = "59388" ( 9: Risky ) ; 
      "File Description" = "PowerISO Virtual Drive" ( 9: Risky ) ; 
      "Company Name" = "PowerISO Computing, Inc." ( 9: Risky ) ; 
      "File Version" = "4, 6, 0, 0" ( 9: Risky ) ; 
      "Product Name" = "scdemu" ( 9: Risky ) ; 
      "Internal Name" = "SCDEMU" ( 9: Risky ) ; 
      "Linked to" = "Running Processes -> System -> c:\windows\system32\drivers\scdemu.sys" 
      "Linked to" = "Drivers -> c:\windows\system32\drivers\scdemu.sys" 
    
    "File" = "c:\program files\medieval software\medieval cue splitter\cue_splitter.exe" ( 9: Risky ) ;  ;  ; 
      "SHA1" = "EE9AFBA5B4B93553378E16C0F66B72479AED5A1C" ( 9: Risky ) ; 
      "Last Write Time" = "2008/08/27  17:21" ( 9: Risky ) ; 
      "Creation Time" = "2008/08/27  17:21" ( 9: Risky ) ; 
      "File Size" = "821760" ( 9: Risky ) ; 
      "File Description" = "" ( 9: Risky ) ; 
      "Company Name" = "" ( 9: Risky ) ; 
      "File Version" = "" ( 9: Risky ) ; 
      "Product Name" = "" ( 9: Risky ) ; 
      "Internal Name" = "" ( 9: Risky ) ; 
      "Linked to" = "Running Processes -> explorer.exe -> c:\program files\medieval software\medieval cue splitter\cue_splitter.exe" 
      "Linked to" = "Important Registry Entries -> Shell Open Commands -> HKLM\SOFTWARE\Classes\CUE_Splitter.file\shell\open\command -> C:\Program Files\Medieval Software\Medieval CUE Splitter\CUE_Splitter.exe "%1"" 
    There really seems to be some problem in the new SysInspector...

    Tom

    UPDATE: I reinstalled ESS and it came with the older SysInspector module 1213. With this module these files are OK... So the probably faulty module 1214 seems to have been removed from the update servers (I tried updating from the pre-release and standard servers).
     
    Last edited: Dec 27, 2009
  6. Fixer

    Fixer Registered Member

    ESET answered that this problem is known and that they will fix it.
     