Ewido 3.5 FP?

Discussion in 'other anti-trojan software' started by bigbuck, Jul 5, 2005.

Thread Status:
Not open for further replies.
  1. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Just ran 3.5 and found backdoor.crashcoool.e in C:\WINDOWS\SYSTEM32\Jpeg32.dll
    I deleted it.....now please tell me it wasn't an FP?
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Seems like one :(
     
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Oops! Wiped it from the quarantine too!
     
  4. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Maybe it's not? Just looked on my backup HDD (ghosted a week ago) and it's not there? Would a few people mind looking and seeing if they have this dll in sys32 please?
     
  5. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  6. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,528
    Location:
    St. Louis, MO
    I don't have it either.... Also, the term "Jpeg32.dll" doesn't look friendly on Google.
     
  7. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
    bigbuck

    I've got this file. I sent it to Jotti's and VirusTotal and it came up clean. Screenshot of properties below. Ewido and PestPatrol have said it's a malicious file. PestPatrol names it as the programme E-Surveiller (Keylogger) which I simply don't have on my computer. TrojanHunter and Tauscan found the file clean as did SpySweeper and TMAS.
     


  8. bch

    bch Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    122
    Location:
    Rochdale, UK
  9. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks for looking guys! I'm starting to think it was a nasty, because it wasn't on my backup HDD.
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,665
    Location:
    Toronto Canada
    I'd still want to know where it came from if it was not there before. Try A2 free.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    jpeg32.dll also seems to be a common file name for graphics drivers:

    Black Ice software

    SnapShotPro

    There are probably more.

    For instance, I have this file on both my desktop and laptop - the installation date/time correspond to the installation of my Paperport scanner program and the file version/size are the same on both computers.


    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  12. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Might just have to wait and see what (if anything) stops working?
     