Ewido 3.5 FP?

Just ran 3.5 and found backdoor.crashcoool.e in C:\WINDOWS\SYSTEM32\Jpeg32.dll
I deleted it.....now please tell me it wasn't an FP?

 

Seems like one

 

Oops! Wiped it from the quarantine too!

 

Maybe it's not? Just looked on my backup HDD (ghosted a week ago) and it's not there? Would a few people mind looking and seeing if they have this dll in sys32 please?

 

I don't have it on my machine. The HJT guy reckons to get rid of it here: http://forums.techguy.org/history/t-375151.html

 

I don't have it either.... Also, the term "Jpeg32.dll" doesn't look friendly on google.

 

bigbuck

I've got this file. I sent it to jottis and VirusTotal and it came up clean. Screenshot of properties below. Ewido and PestPatrol have said it's a malicious file. PestPatrol names it as the programme E-Surveiller (Keylogger) which I simply don't have on my computer. TrojanHunter and Tauscan found the file clean as did SpySweeper and TMAS.

 

Information on E-Surveiller http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453068070 The jpeg32.dll file is listed near the bottom. (Edit. If PestPatrol finds it, you know it's a false positive.)

 

Thanks for looking guys! I'm starting to think it was a nasty, because it wasn't on my backup HDD.

 

I'd still want to know where it came from if it was not there before. Try A2 free.

 

jpeg32.dll also seems to be a common file name for graphics drivers:

Black Ice software

SnapShotPro

There are probably more.

For instance, I have this file on both my desktop and laptop - the installation date/time correspond to the installation of my Paperport scanner program and the file version/size are the same on both computers.


-rich
________________
~~Be ALERT!!! ~~

 

Might just have to wait and see what (if anything) stops working?