FP rundll2000.exe

Discussion in 'NOD32 version 2 Forum' started by FanJ, Jul 31, 2007.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    NOD32 with definitions 2430 (20070731) is giving a FP on a file rundll2000.exe

    rundll2000.exe - probably a variant of Win32/Agent trojan

    MD5 checksum: 4936A6954ED59700A3C706F9094685EE

    (well, I think it is a FP, I'll explain later).

    This file was coming from an old infection of the computer of Mr.Blaze.

    Thread at Wilders:
    https://www.wilderssecurity.com/showthread.php?t=169463

    The file was uploaded, along with several other files, by Blaze at Derek's board:
    http://www.thespykiller.co.uk/index.php?topic=3967

    At that time Gavin (TrojanHunter) saw no infection.
    BOClean gave, after submitting, a warning; but that was later withdrawn.

    Although the file is still in that thread at Derek's board, I could submit it again to ESET if you want me to.

    Regards, Jan.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Yes, please do so. Send the file to samples[at]eset.com and put something like "FP - " followed by this thread's URL in the subject.
     
  3. FanJ

    FanJ Updates Team

    Hi Marcos,

    I have just submitted it.

    Best regards,
    Jan.
     
  4. FanJ

    FanJ Updates Team

    Fixed with defs update 2431 (20070801)

    Thanks ESET!!!

    Best regards,
    Jan.

    PS-1
    Maybe I should clarify something:
    I posted:
    That quote was only with respect to that file rundll2000.exe

    There certainly were infections on the computer of Blaze at that time.
    The files were submitted in April 2007 to most companies.
    And TH and BOClean did add defs where needed.

    PS-2
    Off topic:
    Ad-Aware SE Pro is now flagging that file rundll2000.exe as Win32.Trojan-PSW.Lineage
     