Ewido 3.5 FP?

Discussion in 'other anti-trojan software' started by bigbuck, Jul 5, 2005.

Thread Status:
Not open for further replies.
  1. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Just ran 3.5 and found backdoor.crashcoool.e in C:\WINDOWS\SYSTEM32\Jpeg32.dll
    I deleted it.....now please tell me it wasn't an FP?
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Seems like one :(
     
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Oops! Wiped it from the quarantine too!
     
  4. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Maybe it's not? Just looked on my backup HDD (ghosted a week ago) and it's not there? Would a few people mind looking and seeing if they have this dll in sys32 please?
     
  5. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  6. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    I don't have it either.... Also, the term "Jpeg32.dll" doesn't look friendly on Google.
     
  7. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
    bigbuck

    I've got this file. I sent it to Jotti's and VirusTotal and it came up clean. Screenshot of properties below. Ewido and PestPatrol have said it's a malicious file. PestPatrol names it as the programme E-Surveiller (Keylogger) which I simply don't have on my computer. TrojanHunter and Tauscan found the file clean as did SpySweeper and TMAS.
     

  8. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
  9. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks for looking guys! I'm starting to think it was a nasty, because it wasn't on my backup HDD.
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I'd still want to know where it came from if it was not there before. Try A2 free.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    jpeg32.dll also seems to be a common file name for graphics drivers:

    Black Ice software

    SnapShotPro

    There are probably more.

    For instance, I have this file on both my desktop and laptop - the installation date/time correspond to the installation of my Paperport scanner program and the file version/size are the same on both computers.


    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  12. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Might just have to wait and see what (if anything) stops working?
     